Choosing a Remote Backup Provider - A Guide For Small Broker-Dealer Firms
Six Things Broker-Dealers Should Consider when Choosing a Remote Backup Provider Meeting Today's Demanding Requirements: With their continuing advancements in technology, remote backup providers are now being used by small broker-dealer firms to achieve today's demanding data compliance requirements.
Such as the rules outlined in SEC 17a-3, 17a-4 and the business continuity and electronic records supervision regulations contained in 3510 and 3010 from FINRA.
By using these third party providers to remotely store their critical records, broker-dealers now have a ready-made option to quickly and inexpensively transfer data from all systems across the entire operation to a remote location.
However, not all remote backup providers are created equal.
Small broker-dealer firms need to be careful in selecting the right provider to help them achieve today's stringent data compliance regulation.
They should look for the following features when choosing a provider to outsource their remote storage.
What to look for in a remote backup provider: 1.
Comprehensive Rule 17a-3 stipulates that a broker-dealer must protect and keep available the books and records relating to its business.
This often covers a wide range of electronic records and it is vital that a remote backup provider is selected that can protect these various data formats.
This must include data such as email residing on internal servers and on individual PCs such as PST files saved on users hard drives.
Other documents that hold client information created with Microsoft Office Word, Excel, PDF reports and customer data imputed into databases should easily be supported.
The software should be configured to initially capture a full backup of this data and then be set to run every night and backup the daily incremental changes from then on.
In addition to regular protection of this user data, a provider should have the built in ability to perform full-system state backups of critical systems to enable "bare metal" restored to alternate hardware.
This will allow the quick recover of servers and their associated operating systems and programs in the case of complete failure.
2.
Licensing Free Software In choosing a remote backup provider, small-broker dealers should select a provider that does not charge software licensing.
A cost based only on the amount of data stored eases administration and allows branch offices, remote and home users to be added easily to the data compliance process.
3.
Completely Self Managed Small broker-dealer firms can't spend valuable time managing backups.
They should choose a provider who will completely administer the backup process and offer the ability to remotely connect to their software and immediately addresses problems when they arise.
This should be included as part of the provider's service to ensure missed backups do not leave gaps in a broker-dealers data compliance strategy.
4.
Built-in Archiving SEC rule 17a-4 poses particular challenges for small broker-dealers firms because of the specific technology required to achieve the long-term retention requirements of this mandate.
In choosing a remote backup provider, it is critical that a small broker-dealer firm understand the difference between backup and archiving.
By default, to keep cost low, remote backup providers only store customer's data on a limited retention basis using quick access hard disk.
This will be set within their software to overwrite files that change frequently and keep only 10 to 30 versions of changes.
Unfortunately, this is not compliant and data that changes frequently will be overwritten.
Therefore, older copies of files may not be available during an audit or in the event of a disaster.
An additional archiving process must be added in this case to perform regular full "snap-shots" of data at least monthly and moved to non-rewriteable optical disks.
This will then be stored securely for at least 6 years.
Non-rewriteable DVDs are a perfect technology for this because of their capacity, durability and low cost.
5.
Reporting A provider's backup software should have the ability to send automatic email reports to compliance officers for review.
This will be part of the broker-dealer's supervisory duties and a key component of their regular compliance reporting and auditing procedures.
6.
Ease of Recovery In the event of a disaster it should be easy for broker-dealers to restore data back to its original location or to an alternate site.
Also, during SEC audits broker-dealer may be requested to reproduce current or archived data on separate media such as USB drives, CDs or DVDs so it can easily be reviewed by auditors.
Ensuring a provider can easily restore this data to common file formats on alternate media will ease the audit review process.
In addition, providers should be able to integrate seamlessly with FINRA's Small Firm Emergency Partner Program and allow data to be immediately restored to a pre-designated partner firm at a geographically separate location.
Summary Small broker-dealer firms must identify critical vulnerabilities in their data compliance strategy.
Due to their lack of internal staff or budgets they must look to third party providers to help them build data compliant systems.
Remote backup providers are now well suited as an option for these companies to achieve today's complex data compliance requirements.
These six things to consider in a remote backup provider have been presented to help small broker-dealer firms successfully choose between the many providers that exist today.
In following the above guidelines they will have more success in choosing the correct provider.
Essentially the goal is to ensure SEC audit success and quick recovery of critical records in the event of a disaster.
Such as the rules outlined in SEC 17a-3, 17a-4 and the business continuity and electronic records supervision regulations contained in 3510 and 3010 from FINRA.
By using these third party providers to remotely store their critical records, broker-dealers now have a ready-made option to quickly and inexpensively transfer data from all systems across the entire operation to a remote location.
However, not all remote backup providers are created equal.
Small broker-dealer firms need to be careful in selecting the right provider to help them achieve today's stringent data compliance regulation.
They should look for the following features when choosing a provider to outsource their remote storage.
What to look for in a remote backup provider: 1.
Comprehensive Rule 17a-3 stipulates that a broker-dealer must protect and keep available the books and records relating to its business.
This often covers a wide range of electronic records and it is vital that a remote backup provider is selected that can protect these various data formats.
This must include data such as email residing on internal servers and on individual PCs such as PST files saved on users hard drives.
Other documents that hold client information created with Microsoft Office Word, Excel, PDF reports and customer data imputed into databases should easily be supported.
The software should be configured to initially capture a full backup of this data and then be set to run every night and backup the daily incremental changes from then on.
In addition to regular protection of this user data, a provider should have the built in ability to perform full-system state backups of critical systems to enable "bare metal" restored to alternate hardware.
This will allow the quick recover of servers and their associated operating systems and programs in the case of complete failure.
2.
Licensing Free Software In choosing a remote backup provider, small-broker dealers should select a provider that does not charge software licensing.
A cost based only on the amount of data stored eases administration and allows branch offices, remote and home users to be added easily to the data compliance process.
3.
Completely Self Managed Small broker-dealer firms can't spend valuable time managing backups.
They should choose a provider who will completely administer the backup process and offer the ability to remotely connect to their software and immediately addresses problems when they arise.
This should be included as part of the provider's service to ensure missed backups do not leave gaps in a broker-dealers data compliance strategy.
4.
Built-in Archiving SEC rule 17a-4 poses particular challenges for small broker-dealers firms because of the specific technology required to achieve the long-term retention requirements of this mandate.
In choosing a remote backup provider, it is critical that a small broker-dealer firm understand the difference between backup and archiving.
By default, to keep cost low, remote backup providers only store customer's data on a limited retention basis using quick access hard disk.
This will be set within their software to overwrite files that change frequently and keep only 10 to 30 versions of changes.
Unfortunately, this is not compliant and data that changes frequently will be overwritten.
Therefore, older copies of files may not be available during an audit or in the event of a disaster.
An additional archiving process must be added in this case to perform regular full "snap-shots" of data at least monthly and moved to non-rewriteable optical disks.
This will then be stored securely for at least 6 years.
Non-rewriteable DVDs are a perfect technology for this because of their capacity, durability and low cost.
5.
Reporting A provider's backup software should have the ability to send automatic email reports to compliance officers for review.
This will be part of the broker-dealer's supervisory duties and a key component of their regular compliance reporting and auditing procedures.
6.
Ease of Recovery In the event of a disaster it should be easy for broker-dealers to restore data back to its original location or to an alternate site.
Also, during SEC audits broker-dealer may be requested to reproduce current or archived data on separate media such as USB drives, CDs or DVDs so it can easily be reviewed by auditors.
Ensuring a provider can easily restore this data to common file formats on alternate media will ease the audit review process.
In addition, providers should be able to integrate seamlessly with FINRA's Small Firm Emergency Partner Program and allow data to be immediately restored to a pre-designated partner firm at a geographically separate location.
Summary Small broker-dealer firms must identify critical vulnerabilities in their data compliance strategy.
Due to their lack of internal staff or budgets they must look to third party providers to help them build data compliant systems.
Remote backup providers are now well suited as an option for these companies to achieve today's complex data compliance requirements.
These six things to consider in a remote backup provider have been presented to help small broker-dealer firms successfully choose between the many providers that exist today.
In following the above guidelines they will have more success in choosing the correct provider.
Essentially the goal is to ensure SEC audit success and quick recovery of critical records in the event of a disaster.
Source...