Is it possible for the NBU catalog to be SOX 17a-4 compliant?

LT2013
Level 4

Here's my latest challenge...

We've been backing up our long term retention data to encrypted LTO tapes. Evidently, this is not 17a-4 compliant. So the compliance gurus have suggested a "compensating control" in the form of having our tape database be on 17a-4 compliant storage. I don't think we can have the active NBU catalog (or perhaps the EMM DB) on write-once media. Anyone else come across this requirement? I'm thinking we could back up the catalog to our DD, and purchase their compliance license, so the question now is: can I just back up the EMM database to the write-once area in DD, or do I need to do the entire catalog?

My environment is 7.5.0,6 running on Linux.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Nicolai
Moderator
Partner    VIP   

NO NO NO - EMM is a database that is changed for each backup. You can't move either EMM or the image database to write once media.

Backup is for crash recovery, not for archiving. Also, backups are "images" of time. Nothing prevents data from being written, altered and deleted before the backup passes by. Symantec Enterprise Vault is a much better product for this type of application since all changes are archived.

Pls note LTO has a special WORM (write once read many) tape cartridge that addresses the applicable conditions of SEC Rule 17a-4(f). That should make the compliance guys happy .... for now. NetBackup also supports WORM media.

See http://www.lto.org/technology/worm.html

&

http://h30094.www3.hp.com/product/sku/10243896/mfg_partno/C7975W

Hope it helps :)

LT2013
Level 4

Thanks Nicolai.

I figured it's not something that could be done. The issue is that since the actual backup data is not on 17a-4 storage (and won't be any time soon), as a "compensating control", I am being asked if I can lock down the backup index (i.e., the catalog), so that even if a tape gets somehow overwritten, the catalogue entries for that data can't be. After putting this on the forum, it occurred to me that I could archive the catalog entries specific to these backups immediately after the backup completes (using bpcatlist | bpcatarc in a backup_exit_notify script). I can use our DD as a target for the archive.