Whether we talk regulations or frameworks, we eventually get down to the fact that it is the IT team’s responsibility to reduce risk in financial reporting and the controls around the systems that produce the financial results.
To ensure accurate and reliable financial reports, IT teams must build a sound disaster recovery (DR) plan that addresses the recoverability and availability of these systems. High availability (HA) enters the picture when an organization requires high uptime in order to reduce risks to an acceptable level.
Preserving and providing access to this data are two ways that a high availability solution can help organizations comply with various regulations. HA ensures that business data is being continuously replicated, which reduces the risk of data loss when auditors ask. Being able to fail over to a backup box also provides peace of mind that the business financials are secure and accessible even in a disaster.
DR Compliance Requirements in COBIT
COBIT DS 4.1 through 4.10 detail IT disaster recovery planning for IT. It establishes requirements for regular testing, focusing the effort on critical resources.
In the IBM i world, we know that IBM i is a system of record and the 2017 IBM i Marketplace Survey Results show that 75 percent of IBM i shops run 50 percent or more of their core business on this platform. So, IBM i is the “critical resource” that COBIT references and the high availability solution is the tool that allows us to establish redundancy and recoverable system data necessary to comply with regulations.
Each year we see regulations being reinterpreted and new ones come out of the woodwork, like GDPR in Europe. It’s not getting any easier to stay compliant, so a tool that helps us pass audits by forcing us to develop procedures that ensure business continuity while also protecting our organization’s most valuable asset—business data—pays dividends.
Complete Compliance Toolkit
High availability is essential to minimize data loss and downtime when disaster strikes, but it is also prudent to incorporate additional controls, such as automation and security solutions, in order to build a comprehensive compliance toolkit.
These additional layers combine to reduce the risk human error and malicious acts. For example, a virus protection solution would help prevent an infection that a high availability solution would most likely replicate to the secondary server, which could prevent a successful role swap. Similarly, establishing good data retention using an automated data backup management solution would allow you to recover to a point before the virus existed.