AndreaF   1885 pts.  |   Aug 18 2009  6:34PM GMT

We were forced to implement off-site storage on backups when our company joined a larger organization which is listed on the New York stock exchange - making it subject to Sarbanes/Oxley regulations.

JennyMack   3330 pts.  |   Aug 18 2009  8:00PM GMT

Ah, so SOX requires off-site data storage?

mrdenny   46795 pts.  |   Aug 18 2009  11:36PM GMT

SOX doesn’t require off-site storage per say. SOX requires that you have a plan in place to get the systems back up and running. If your written and approved company plan is to through your hands in the air and run around in circles, technically that’s a plan and will pass the auditors inspection. (The auditors can comment that the plan sucks, but you have a written and approved plan, so they have to pass that section.)

Most public companies, as they want to actually stay in business after a DR event has happened, will use SOX as the reason to setup the DR plan in motion.

(And yes a certified auditor told me that as long as it’s a written and approved plan, no matter how bad, it’ll pass.)

AndreaF   1885 pts.  |   Aug 19 2009  6:19PM GMT

Our company required stringent procedures regarding all back up - routines, as well as storage, for our preparations for our compliance audit.

Offsite backup enables SOX compliance without having to implement elaborate procedures and spending precious IT dollars in expensive hardware and software. Offsite backup service ensures that your backup data is always secure and is available to you when you need it the most, while helping you comply with federal regulations for SOX compliance.

Sonotsky   660 pts.  |   Aug 20 2009  3:00PM GMT

With my current employer, it wasn’t the company that dictated offsite storage, it was actually a client contractual obligation that we have storage at least 500 miles (I think) away from our primary datacenter and that we have the capability to resume regular processing within 24 hours.

The solution that was decided on, about a year before I joined the company, was to set up an EMC Symmetrix in our primary site, and leverage a shared DMX in an existing remote dadatacenter owned by the overall, worldwide company, and sync at the block level with SRDF/A.

So, we have the benefit of fast, robust local storage and offsite, backup storage for recovery purposes.

In addition, for less-critical applications and services, we’ve broken down storage into tiers, as Technochic has. Tier1 is the aforementioned Symmetrix fabric, whereas tier2 are lower-cost Clariion silos.

We have a small number of NAS devices, and a ton of local disks, but the crux of our storage focus has been on the FC SAN for the past couple of years.