Financial Firms: How to Determine if Your Data Backup is SEC Compliant

Nov 15, 2016, 16:43 by Peter Ely

US regulators are cracking down on financial data security. Are you compliant?

“How can we most effectively back up our data and comply with SEC 17a-4?”

When we at KeepItSafe speak with US financial-services firms researching cloud backup providers, this is almost always their first question. Indeed, it is usually the firm's compliance officer, not its IT staff, who makes the initial contact.

Here is how we advise these financial-industry prospects. KeepItSafe's technical teams are experts at implementing our customers' strategies for maintaining the security and integrity of their data, having successfully performed thousands of backups for financial-industry customers.

The final decisions on how our cloud backup and recovery solutions are configured, however, remain the customer's responsibility. In the financial-services industry that decision-maker is usually the firm's compliance officer.

Having said that, we can offer a short survey that a financial firm investigating cloud backup should put to any prospective vendor. The more "Yes" answers the provider can give, the more effective its cloud backup solution is likely to be, and the closer it can bring you to SEC 17a-4 compliance.

10 Questions to Ask Your Prospective Cloud Backup Provider
(The More “Yes” Answers, the Better):

1. Is the backed-up data compressed and then encrypted with AES-256, both at rest and in flight?
2. Does the software use a FIPS 140-2 validated cryptographic module, and can you provide the validation certificate number?
3. Can you retain detailed backup logs for 5-7 years, so I can prove that a specific file was pushed on a given date within my retention period?
4. Can you retain every end-of-day version of my files and databases for 5-7 years?
5. Do you run round-the-clock corruption detection on my files and on every retained version of them?
6. Are backup software agents, licensing, installation, restores and support included at no additional charge?
7. Does the backup software keep an audit trail of what was backed up, restored, and by whom?
8. Will you act as the designated third party (D3P) that Rule 17a-4(f) requires for electronically stored records, and how will you fulfil that role?
9. Can you store my data in a WORM (Write Once, Read Many) format so that it is non-rewriteable and non-erasable? How is this achieved?
10. Will you provide a letter I can present to auditors describing the backup service you provide?
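Questions 3, 5, 7 and 9 all come down to one property: the provider must be able to show, not just assert, that every stored version is intact and that the log recording it has not been altered. The example below is added here to make that concrete; it is not KeepItSafe's product code and not from the original post. It uses an in-memory dict as a stand-in for WORM object storage and constructed sample file versions, and it shows the three checks a firm would want a vendor to be able to run: re-hashing every retained version against its recorded digest (corruption detection), validating a hash-chained audit trail (tamper-evident logs), and pulling the entries that prove a given file was pushed on a given date.

```python
"""Tamper-evident version ledger for a backup store (illustrative, added example).
Each stored version gets a SHA-256 digest and a hash-chained audit entry, so
silent corruption of a version, or editing of the log itself, is detectable."""
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class BackupLedger:
    GENESIS = "0" * 64  # chain anchor for the first entry

    def __init__(self):
        self.entries = []  # append-only audit trail (question 7)
        self.store = {}    # version_id -> bytes; stands in for WORM storage (question 9)

    def record_version(self, path: str, content: bytes, stored_at: datetime) -> dict:
        """Store one end-of-day version and append its audit entry."""
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry = {
            "seq": len(self.entries),
            "path": path,
            "sha256": sha256_hex(content),
            "stored_at": stored_at.isoformat(),  # expects a timezone-aware datetime
            "prev": prev,
        }
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        if entry["entry_hash"] in self.store:
            raise ValueError("write-once violation: version already stored")
        self.entries.append(entry)
        self.store[entry["entry_hash"]] = content  # new key per version, never overwritten
        return entry

    def verify_chain(self) -> bool:
        """True unless a log entry was edited, reordered or deleted."""
        prev = self.GENESIS
        for seq, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["seq"] != seq or entry["prev"] != prev:
                return False
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

    def corrupted_versions(self) -> list:
        """Re-hash every retained version against the ledger (question 5)."""
        bad = []
        for entry in self.entries:
            content = self.store.get(entry["entry_hash"])
            if content is None or sha256_hex(content) != entry["sha256"]:
                bad.append(entry["entry_hash"])
        return bad

    def versions_on(self, path: str, day: str) -> list:
        """Audit entries proving `path` was pushed on ISO date `day` (question 3)."""
        return [e for e in self.entries
                if e["path"] == path and e["stored_at"].startswith(day)]


def build_demo() -> BackupLedger:
    """Constructed sample data: two end-of-day versions of a CSV and one DB dump."""
    ledger = BackupLedger()
    day1 = datetime(2016, 11, 14, 23, 0, tzinfo=timezone.utc)
    day2 = datetime(2016, 11, 15, 23, 0, tzinfo=timezone.utc)
    ledger.record_version("trades/ledger.csv", b"id,qty\n1,100\n", day1)
    ledger.record_version("trades/trades.db", b"SQLite format 3\x00 sample", day1)
    ledger.record_version("trades/ledger.csv", b"id,qty\n1,100\n2,250\n", day2)
    return ledger


def tamper_demo() -> dict:
    """Simulate bit-rot in a stored version, then an attempt to hide it in the log."""
    ledger = build_demo()
    result = {"chain_ok_before": ledger.verify_chain(),
              "corrupted_before": ledger.corrupted_versions()}
    victim = ledger.entries[0]["entry_hash"]
    ledger.store[victim] = b"id,qty\n1,1O0\n"          # one character flipped
    result["corrupted_after"] = ledger.corrupted_versions()
    ledger.entries[0]["sha256"] = sha256_hex(ledger.store[victim])  # cover-up attempt
    result["chain_ok_after_edit"] = ledger.verify_chain()
    return result


if __name__ == "__main__":
    demo = build_demo()
    print("chain ok:", demo.verify_chain(), "corrupted:", demo.corrupted_versions())
    print("ledger.csv on 2016-11-15:", demo.versions_on("trades/ledger.csv", "2016-11-15"))
    print(tamper_demo())
```

The point for a compliance officer is the last two lines of `tamper_demo`: once a version is corrupted, the only way to make the store look clean again is to edit the log, and a hash-chained log makes that edit visible. A real provider would anchor the chain head somewhere the customer or D3P controls so that the whole log cannot simply be rebuilt.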

As US regulators become more demanding about how financial data is stored and protected, firms are wise to spend time upfront working through these questions with prospective cloud backup partners. It is far better to have these conversations with a provider now than with a regulator's examiner later.

Patrick Rougeau
Technical Sales Engineer, KeepItSafe
