Understanding the difference between data backup and archiving
When it comes to satisfying today’s data compliance regulation such as SEC 17a-4, the big question FINRA firms have to ask themselves is, “What is the difference between regular data backup and data archiving?” This is important to answer, especially for small firms such as Broker-Dealers and Registered Investment Advisors because they have to outsource this process to a designated third party. Therefore, it is critical they choose the right provider, because in the end it is their responsibility to ensure data is properly protected to allow full disaster recovery and audit supervision.
Data Backup vs. Data Archiving
First of all, regular data backup is a process designed specifically for disaster recovery and is performed every night, or several time throughout the day for data that changes frequently. Furthermore, to keep the cost of compliance low, this type of backup does not retain data for long periods of time and purges it after a certain period, usually 30 days.
Also, an effective data backup plan contains extra information that is not includes in data archiving. For example, it should include the systems state configuration of critical servers so that programs and other information can be restored for a bare metal recovery of the whole system. Finally, testing restores of data backups should be done differently than data archiving. It is performed on a regular a basis and needs to be tested for restoring data back to their original location or to a secondary disaster recovery site.
Data archiving on the other hand is designed specifically for compliance supervision. It is an extra step applied to the regular daily backups which contains only electronic records related to the books and records as well as any communication between registered reps and clients, as defined by SEC rule 17a-4. Also, an effective data archiving strategy includes a supervisory interface that allows compliance officers to review the archive at any time for regular audit supervision or when requested by regulators. Testing of data archiving process is also done differently and is performed only as a sample test of certain data for a specific time period to pass audits or for regular supervisory activities. Therefore, an additional supervisory interface is required that has specific advanced features built into it to properly search or retrieve current and historical electronic records.