Home General

What If We Already Have a Zip Drive?

Frankly, we believe that it is not optimal for most users to utilize a zip or other removable disk media for backup. RentaVault Offsite Backup Service is completely automated and has the required file redundancy to protect important data. The only safe way to use a zip drive for backup is to have three disks and make the same backup three times. That way when one of the disks fails you are still protected.

 

Last Updated (Wednesday, 30 June 2010 20:13)

 

Regulatory Compliance

Information about regulatory compliance as it relates to HIPPA, SEC/NASD, Sarbarnes-Oxley, and Graham-Leach-Bliley can be found below.

Health Insurance Portability and Accountability Act (HIPAA)

Requirement: Electronic personal health information (ePHI) must be protected against any reasonably anticipated threats or hazards.

Rentavault: The data is housed in two separate Tier One data centers. Both the primary center and the secondary remote center are heavily secured. Redundant fail-safe systems protect the data in every step of the backup and storage process.

Requirement: Access to ePHI must be protected against any reasonably anticipated uses or disclosures that are not permitted or required by the Privacy Rule.

Rentavault: The data is encrypted before transmission and is always maintained in encrypted state. Access is restricted by password authentication.

Requirement: Maintenance of record of access authorizations.

Rentavault: Access to data is date and time-stamped by user, providing a clear audit trail.

Requirement: If the data is processed through a third party (Rentavault Inc.), entities are required to enter into a chain of trust partner agreement.

Rentavault: Rentavault Inc. enters into a Business Associate Agreement with client, in which the parties agree to electronically exchange data and to protect the transmitted data. The Agreement states that the receiver of data (Rentavault Inc.) is required to maintain the integrity and confidentiality of the transmitted information.

 

About HIPPA

 

The Health Insurance Portability and Accountability Act of 1996 imposes standards for the privacy and protection of all health information that can be linked to individuals. Health and Human Services (HHS) has published final HIPAA regulations that affect virtually every area of health-related organizations in the United States, from the one-physician office to hospitals, health systems, HMOs, health care support services, and others. Part of this act is focused on the secure storage and transmission of confidential patient data over computer networks. Privacy regulations were released in December 2000, made final on April 14, 2001, and went into effect in April 2003.

Non-compliance carries stiff civil and criminal penalties.

All health care organizations are affected in some way by HIPAA. The entities that are affected include all health care providers (even one-physician offices), health plans, employers, public health authorities, hospitals, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities.

A broad definition of personal health information (PHI) includes - All individually identifiable health information in ANY form or media including subsets of health information such as demographics. The HIPAA privacy mandate defines who is authorized to access information (the right of individuals to keep information about themselves from being disclosed). HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, confidentiality, and availability of the information.

Healthcare organizations are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both while in transit and during storage).

If the data is processed through a third party (Rentavault Inc.), entities are required to enter into a chain of trust partner agreement. This is a contract in which the parties agree to electronically exchange data and to protect the transmitted data. The sender and receiver of data are required and depend upon each other to maintain the integrity and confidentiality of the transmitted information.

 

SEC/NASD

 

Requirement: Preserve the records exclusively in a non-rewriteable, non-erasable format.

Rentavault: Data Protection Services (Rentavault Inc.) preserves the records exclusively in a non-rewriteable, non-erasable format.

Requirement: Verify automatically the quality and accuracy of the storage media recording process.

Rentavault: The data is verified automatically every time a backup takes place.

Requirement: Serialize the original, and, if applicable, duplicate units of the storage media, and time-date for the required period of retention the information placed on such electronic storage media.

Rentavault: Even if data is restored to the client system, the original remains in the vault in the same exact state as the initial backup until it is cycled off at the end of the period chosen (whether that period is a day or 7 years).

The Rentavault Inc. automated process and subsequent detailed reporting gives regulators a clear idea of the chain of custody of the stored information and also rapid access, should it be required.

All access to the stored data is documented and time/date stamped.

Requirement: Have the capacity to readily download indexes and records preserved on the electronic storage media to any acceptable medium acceptable.

Rentavault: The data is available for online restores 24/7, 365 days a year.

All backups are stored with the catalogs (indexes) and accessible to authorized users at all times.

Requirement: Store separately from the original a duplicate copy of the record stored on any medium acceptable for the time required.

Rentavault: Rentavault Inc. online backup uses a process that backs up the original and duplicates it to a remote location. This is not a "mirrored" process, but a process that insures that the original data and any duplicate copies are identical. The data is stored on fault-tolerant disk media.

About SEC/NASD Regulations

In 1934, to protect investors from fraudulent or misleading claims in the securities industry, the SEC enacted the Securities Exchange Act, a set of laws that required records be made and kept for the purposes of review and auditing of securities transactions. In 1997, the Commission amended the primary rule 17a-4 to allow brokers and dealers to store records electronically. The SEC defines strict requirements for storage of these electronic records as detailed in its Rule 17a-4 and in NASD Rule 3010/3110.

The rules, effective as of May 12, 2003, apply to many types of records, including financial accounting documents, all communications received and all communications sent. The Rentavault Inc. service enables clients to meet or exceed SEC and NASD regulatory compliance in regard to the preservation of financial records and electronic communications.

 

Sarbarnes-Oxley Act (SOX)

 

Requirement: Information cannot be tampered with or altered by any employee.

Rentavault: Data is always encrypted with 128-bit encryption, and Rentavault Inc. does not have access to the password.

Requirement: Trail of transactions must be discernable and kept in sequence.

Rentavault: All iterations of a document are serialized, not overwritten.

Requirement: Audit trails

Rentavault: Access is date and time-stamped by user each time a document is accessed.

Requirement: Information is available only to client's authorized personnel.

Rentavault: Client access is only through authorized personnel with the password.

Requirement: Records must be accessible.

Rentavault: All backups are immediately available 24/7.

Requirement: Certain data must be maintained for not less than 7 years.

Rentavault: Data will remain in the Rentavault Inc. vaults for as long as the client chooses to retain it. Retention is set during configuration, so once configured, the data is automatically stored for that period.

About SOX

The Sarbanes-Oxley Act (SOX) of 2002 is one of the most important laws impacting public corporations to be passed in many years. The purpose of SOX is to protect investors from a continuation of the many accounting scandals over the past decade. The SOX places the onus on companies and registered accounting firms to comply with stringent rules regarding the accuracy and reliability of specific information by strengthening maintenance requirements of records, and the auditing/reporting of these records. Some of the provisions of the Act define what must be maintained, how long relevant material must be maintained, accounting procedures requirements, and consequences (criminal and civil) for failure to follow the Act. (There is no specific language about the mechanism or method of storing information in the Act). In placing a more rigorous requirement on financial reports the storing of the records becomes vitally important because the trail of transactions must be secure. The regulated companies in choosing a storage method will therefore look to a format that will insure it can satisfy the legal requirements of the SOX, in other words, the increased use of online remote data storage facilities/programs.

Since an online computer data storage facility is not privy to the contents of the information it stores for a client, the facility is not responsible for ensuring that its customer is in compliance with what is being kept or who in the company (including independent auditors) has access; but is accountable for the availability and security of the information being stored. The online computer data storage facility must have safe guards in place to ensure quality control standards include the following:

* That information stored cannot be tampered with (altered) by any employee;
* That the client can ascertain when the information was created; (The records kept must allow a trail of transactions to be discernable so that ongoing transactions are kept in sequence.)
* That safeguard is in place to ensure that information is available only to the client's authorized personnel;
* That records are accessible whenever needed; and
* That the facility has the ability to maintain the data for the period stated in the Act. (Section 103 (a) (2) (A) (i): audit work papers and other information rating to any audit report is to be kept for a period not less than 7 years).

Last Updated (Wednesday, 07 July 2010 19:48)

 

How Long Will a Remote Backup Take?

Offices with high-speed Internet connections should find this service comparable with tape drives. Dial-up users will be able to do incremental backups in 30 to 60 minutes. The initial backup can take several nights to complete. We recommend backing up the most important files first and then selecting other files as the backup progresses. Or, the initial backup can be run over the weekend. Also, we can come to your office and make the initial backup of your system.

Last Updated (Wednesday, 30 June 2010 21:04)

 

Why Are Remote Backups Considered More Beneficial?

The data is immediately stored off-site using an automated backup system. Also, only an Internet connection is needed, completely eliminating the need for expensive backup equipment and media. And, since the system is automated, manual labor is eliminated.

Last Updated (Wednesday, 30 June 2010 21:04)

 

What If We Already Have a Tape Backup System?

Using a tape backup system and RentaVault Offsite Backup Service (OBS) offers the best of both worlds. Critical files, including billing, customer contact files and databases, can be kept on the remote backup system. The tape system can be used to create a full backup of the entire system once or twice a month, instead of on a daily basis. The tapes and drive will last longer and require less maintenance. The remote offsite backup service can provide a quick and easy way to retrieve critical files and databases without the hassle of searching through tapes.

Last Updated (Wednesday, 30 June 2010 21:05)

 
More Articles...