Lori,

Firstly, I would like to clarify that while I have seen IT people roughly
handle tape, the Data Security industry (AKA Media Vaults) go out of their
way to ensure tape is handled professionally.

Secondly, I am amazed by your response to HIPPA and SOX by storing tapes in
locked cases.

From a HIPPA perspective a locked box is really not going to stop anyone who
wants to read confidential information from reading it, the only secure way
of ensuring this is to encrypt the data on the tapes.

From a SOX perspective, I do not see how hiding tapes away in a box helps
fulfill the goals of SOX. It is kind of like saying that post Enron that you
can now only use Aurther Anderson auditors if they are also deaf mutes.

I usually measure the quality of a Data Security firm by which product they
push. It is far easier to store your tapes in a locked container than take
responsibility for all of your individual tapes, this is why many vaults
encourage you to do it.

My advice to people when choosing an offsite provider is to look for one you
can trust rather than one that works on the premise that you can not trust
them with anything but the storage of a locked box.

They are out there, and they are often not the people who lost a Bank of
America tapes.

Some of the disadvantages of storing in locked boxes are:

(1) The vault can not check for irregularities such as the same tape being
sent offsite every day, or no tapes at all.
(2) The vault can not report to you on tape damage.
(3) If you are running a TMS your vault can not compare what was meant to go
offsite with what is actually sent offsite (this is critical).
(4) If you want one tape back you have to call back the whole case (and if
you do not know what case it is people often call back all cases). This
leaves you far more exposed than you have to be.
(5) It puts the whole management burden on the customer.

Large banks and the like have been sending tapes offsite for decades and
have very refined DR plans. Almost all of these companies store in open
shelving in media vaults.

Usually, only small business store in boxes. These companies usually have
less refined DR plans.

Go figure...

Gerard


On Thu, 17 Mar 2005 10:41:46 -0700, Lorie Mcaleb <[log in to unmask]>
wrote:

>Jeff,
>My understanding of e-vaulting is storing the data off site as a
>disaster
>Recovery method rather than moving tapes back and forth. This saves the
>Contracting company time and storage to physically pick up the tapes.
>The data is backed up to their servers and stored, updated at a schedule
>determined by you the customer.
>I looked into this recently and the concerns we had was access to the
>data, the idea that the data never goes away (on their
>servers)regardless of what techniques are use to "scrub" the drives, and
>the requirements to get the data to the vendor. We opted for backing up
>the data and moving the tapes off site. To avoid the "hockey puck use"
>and meet HIPAA/SOX concerns we store the tapes are in a locked
>container, secured so only our employees have access to them. The case
>is swapped weekly by our employees. This may be a unique situation since
>we lease a "vault" for offsite storage at a facility near our main
>location.
>
>Thank you,
>Lori McCaleb

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance