The challenge: Audit-compliant archiving and other compliance
Banks and financial service providers must ensure audit-proof archiving of many documents. For example, the German GoBD guidelines ("Principles for the proper keeping and storage of books, records and documents in electronic form and for data access") regulate the individual aspects of this legal obligation to retain records. The criteria for the retention of important documents are specified in detail in these principles. For example, the term "audit-proof" means that a document can no longer be changed once it has been archived. An archived document must be retrievable in its unchanged form. This applies during the entire legally required retention period.
Banks must therefore archive documents such as account statements, balances or accounting records in an audit-proof format. Account-related documents, for example, need to be kept for 10 years. Other banking and financial documents often have longer retention periods. To achieve this, banks must, on the one hand, ensure IT security. On the other hand, electronic storage must comply with the GoBD guidelines. This is the challenge posed by compliance.
The GoBD guidelines place high demands on financial service providers and their IT structures. At the same time, however, the banking sector in particular is frequently affected by changes in legislation and new regulations. These in turn have an impact on the IT infrastructure of the institutions. When implementing the new regulations, audit-proof archiving often takes a back seat.
Another major challenge for the IT departments of banks is the ongoing digitalization. Customers increasingly expect digitized services. Financial service providers are under competitive pressure with regard to their digital services: Here, convenient solutions must be created for the end user. At the same time, the amount of data that must be transferred to the electronic archive is growing. Here too, high-performance storage systems are required to archive data quickly, reliably and in accordance with regulations.
The demands on the storage infrastructures of banks and financial service providers are correspondingly high. This applies to both storage hardware and storage software. The infrastructures must be as powerful as they are secure. Only in this way can the institutions meet the legal requirements and satisfy the additional demands. Last but not least, costs also play an important role. The optimal storage solution for GoBD-compliant archiving must not only guarantee legally compliant archiving. It must also be economically justifiable.
Audit-compliant archiving and cost efficiency need not contradict one another
A powerful and flexible storage structure can meet these challenges. In order to meet the security requirements at reasonable cost, the optimal combination of storage hardware and storage software is essential.
A multi-tiered storage architecture is recommended. Within such an architecture, the principle of "Information Lifecycle Management" (ILM) is applied and implemented by suitable software. Under the ILM approach, active data is stored on high-performance storage. The software automatically moves inactive data to more cost-effective secondary and archive storage. This creates a multi-level and scalable storage platform that is cost-effective and at the same time enables compliance with regulations.
Different storage technologies should be used within the framework of such a multi-level storage architecture. This means that the storage architecture should be hybrid, e.g. consisting of flash, hard drives, private and/or public cloud, tape or optical.
Each storage level has different requirements in terms of performance and capacity. With primary storage, the focus is on fast access to the active data. For archive storage, the criteria of capacity and data security are the main focus. To meet these different requirements, different storage technologies should therefore be used.
With regard to costs, it is important to avoid vendor lock-in. It should be possible to combine the different storage media on the various storage levels flexibly and independently of the manufacturer. Only in this way can the storage architecture be seamlessly integrated into the existing IT infrastructure. For archiving software, this means that it must also support a wide range of storage technologies, regardless of manufacturer. In this way it can guarantee flexibility.
It is fundamental for the auditability of an archive that the archived documents cannot be changed either intentionally or accidentally. Furthermore, fast and reliable access to the archived documents must be guaranteed. This is important if, in the event of a dispute, old data must be presented to customers, courts and auditors. In addition, audit compliance imposes demanding security requirements.
Software meets these requirements, on the one hand, through reliable electronic archiving of documents for the prescribed period, known as data retention management. On the other hand, the software guarantees that the audit-proof archived records cannot be changed or overwritten. This is where WORM functionality comes into play. The term refers to a "write once read many" principle for the archived data, which can then only be read.
Finally, storage media must usually be replaced after approx. 5 to 7 years due to their service life. Storage systems must likewise be replaced once they are technologically obsolete. In these cases, it is recommended to use software that can also perform a secure storage migration.
"The PoINT Storage Manager enables security and cost efficiency. In particular, the software helps ensure audit-compliant archiving using Information Lifecycle Management (ILM), retention management and WORM functionality", says Sebastian Klee, CMO at PoINT.
The PoINT Storage Manager for audit-compliant archiving
Software for audit-proof electronic archiving should protect against manipulation. PoINT Storage Manager protects data through retention management, WORM and security functions such as encryption and authentication.
PoINT Storage Manager works securely and economically. It stores and archives inactive data and data to be archived on different storage levels based on rules. The user still maintains transparent data access. The software works independently of technology and manufacturer. In this way, it guarantees flexibility in the selection of storage systems. Banks and financial service providers can thus protect themselves from switching costs. If institutions want to migrate storage systems, PoINT Storage Manager takes care of that as well, without interruption. PoINT's software enables audit-proof archiving and increases efficiency and flexibility.