PRZOOM - /newswire/ -
Toronto, Ontario, Canada, 2011/03/01 - With their continuing advancements in technology, small financial firms can now use remote backup providers to achieve compliance with rules such as SEC 17a-3 and 17a-4 and successfully pass FINRA audits.
However, not all remote backup providers are created equal, and broker-dealers, investment advisors and wealth management firms must be careful in selecting the right provider to help them meet today’s stringent data compliance regulations. They should look for the following features when choosing a provider to outsource their remote backups.
What to look for in a remote backup provider:
Rule 17a-3 stipulates that a financial firm must protect and keep available the books and records relating to its business. This often covers a wide range of electronic records, and it is vital to select a remote backup provider that can protect these various data formats. This must include data such as email residing on internal servers and on individual PCs, such as PST files saved on users' hard drives. Other documents that hold client information, such as those created with Microsoft Office Word and Excel, PDF reports and customer data entered into databases, should easily be supported. The software should be configured to initially capture a full backup of this data and then be set to run every night and back up the daily incremental changes from then on.
In addition to regular protection of this user data, a provider should have the built-in ability to perform full system-state backups of critical systems to enable “bare metal” restores to alternate hardware. This will allow the quick recovery of servers and their associated operating systems and programs in the case of complete failure.
2. Licensing Free Software
In choosing a remote backup provider, small firms should select a provider that does not charge for software licensing. A cost based only on the amount of data stored eases administration and allows branch offices, remote and home users to be added easily to the data compliance process.
3. Completely Self Managed
Small firms can't spend valuable time managing backups. They should choose a provider who will completely administer the backup process and offer the ability to remotely connect to their software and immediately address problems when they arise. This should be included as part of the provider’s service to ensure missed backups do not leave gaps in a broker-dealer's data compliance strategy.
4. Built-in Archiving
SEC rule 17a-4 poses particular challenges for companies because of the specific technology required to achieve the long-term retention requirements of this mandate. In choosing a remote backup provider, it is critical that a firm understands the difference between backup and archiving. By default, to keep costs low, remote backup providers only store customers’ data on a limited retention basis using quick-access hard disk. This will be set within their software to overwrite files that change frequently and keep only 10 to 30 versions of changes.
Unfortunately, this is not compliant, and data that changes frequently will be overwritten. Therefore, older copies of files may not be available during an audit or in the event of a disaster. An additional archiving process must be added in this case to perform regular full “snap-shots” of data at least monthly and move them to non-rewriteable optical disks. These will then be stored securely for at least 6 years. Non-rewriteable DVDs are a perfect technology for this because of their capacity, durability and low cost.
A provider’s backup software should have the ability to send automatic email reports to compliance officers for review. This will be part of the firm’s supervisory duties and a key component of their regular compliance reporting and auditing procedures.
6. Ease of recovery
In the event of a disaster it should be easy for firms to restore data back to its original location or to alternate systems. Also, during SEC audits broker-dealers may be requested to reproduce current or archived data on separate media such as USB drives, CDs or DVDs so it can easily be reviewed by auditors. Ensuring a provider can easily restore this data to common file formats on alternate media will ease the audit review process. In addition, providers should be able to integrate seamlessly with FINRA’s Small Firm Emergency Partner Program and allow data to be immediately restored to a pre-designated partner firm at a geographically separate location.
It is critical for small firms to identify critical vulnerabilities in their data compliance strategy. Due to their lack of internal staff or budgets, they must look to third-party providers to help them build data-compliant systems. Remote backup providers are now well suited as an option for these companies to achieve today’s complex data compliance requirements.
These six things to consider in a remote backup provider have been presented to help small financial firms successfully choose between the many providers that exist today. In following the above guidelines, they will have more success in choosing the correct provider. Essentially, the goal is to ensure SEC audit success and quick recovery of critical records in the event of a disaster.
AdvisorVault (advisorvault.org) is the only remote backup provider specifically designed to help small financial firms achieve today’s stringent data compliance requirements. With our designated third party status (D3P) we help small firms achieve all the required data compliance rules defined in 17a-3, 17a-4, 3510 and 3010. Our fully managed solution includes all the hardware and software and instantly plugs into the office network to remotely protect emails and all documents relating to Books and Records. Remote, home and travelling employees are easily added to the solution at no additional cost. The turn-key product is priced to fit the budget of small firms and provides remote backup, long-term archiving and disaster recovery in accordance with all current SEC and FINRA rules. Experience total data compliance – Out of the Box with AdvisorVault.