19 November 2007

Global survey from Kroll Ontrack reveals major weaknesses in enterprise
compliance policies

Many companies fail to include data recovery in their compliance policies, according to a global survey carried out by Kroll Ontrack®.

78 per cent of respondents stated that they believed data recovery to be the most important component of a compliance plan but only 50 per cent said that it is part of their company’s policy. This could potentially leave them vulnerable to dire business consequences.

Regulations governing data make it clear that companies have a responsibility to protect data and make significant attempts to retrieve data that has become compromised or lost. For a company, the consequences of non-compliance can be severe, potentially resulting in financial penalties, reduced stock value, loss of customer confidence and lost sales revenue. With that said, it is surprising that 46 per cent of respondents said they were not sure if their company even had a general policy to comply with the applicable regulations.

Furthermore, given the potential consequences, it is startling that nearly half of respondents (43 per cent) said they don’t believe their companies test their backup systems to ensure data can be produced if needed. Because natural disasters, human error and software and hardware malfunctions are unpredictable, this finding reveals that critical electronic data is in jeopardy of being lost and potentially unrecoverable.

“While data recovery is becoming increasingly synonymous with disaster recovery plans, this survey reveals that data recovery has not yet been deemed a critical component of all compliance policies,” said Phil Bridge, managing director at Kroll Ontrack, UK. “Given the vast number of information-oriented regulations that have come into force, companies should ensure a preferred data recovery provider is part of their compliance plan in case a data loss situation ever ensues. The risk of neglecting to do so is too high.”

To help businesses avoid potential non-compliance penalties, Kroll Ontrack recommends not only selecting a preferred data recovery provider, but identifying the name and contact information of the provider in the overall business compliance policy. Furthermore, establishing the provider in your business’ procurement system will better ensure a smooth, efficient recovery effort if and when a data loss situation arises.