Storage solutions for legally compliant archiving

Specialist articles

Electronic archiving of important documents in companies must comply with various legal requirements. For example, documents must be archived in such a way that they

  • are protected against loss:
    The electronic archive must be set up in such a way that the archived documents cannot be lost on their way there, nor can they be deleted from the archive.
  • cannot be modified:
    Receipts and documents must be accessible in their original form. If nevertheless changes are made, these must be documented transparently.
  • are protected for the entire duration of the respective retention period:
    Business documents are subject to different retention periods, which in most cases range from 6 to 10 years. In certain industries, such as aircraft construction, retention periods of up to 30 years apply. Throughout the prescribed retention period, documents must be archived in an unchangeable, secure and seamlessly accessible manner.

For tax-relevant documents and data, for example, the GoBD apply: The “Principles for the proper keeping and storage of books, records and documents in electronic form and for data access” contain specifications for legally compliant archiving. Compliance with the GoBD facilitates the smooth conduct of tax audits. They are therefore binding for all entrepreneurs, including microenterprises and freelancers. During tax audits, the tax office checks compliance with the regulations. If deficiencies are found here, there is a risk of, among other things, generous estimates of the bases of taxation and considerable additional payments.

Software-supported archiving

Suitable software supports companies in complying with regulations and implementing legally compliant archiving. The software should offer certain functions to meet the legal requirements.

  1. WORM principle:
    “WORM” stands as an abbreviation for “write once, read many”. This means that once a file has been stored with WORM protection, it can only be read – but no more changes can be made to the file. With some storage media the WORM functionality is given from the hardware (e.g. tape or optical storage media). WORM protection can also be provided by software functions, i.e. the software protects the data from modification and only allows read access.
  2. Retention management:
    By means of retention management, the archiving software ensures that data cannot be modified or deleted during the specified retention period. This function aims at ensuring that prescribed retention periods are met.
  3. Encryption:
    Archived files must be protected from unauthorized access. Encryption and authentication functions serve this purpose.
  4. Transparent access:
    To enable users to access archived files quickly and easily, the archiving software should use standard formats and protocols.

Infrastructure optimization and multi-tier storage architecture

When introducing archiving software, the entire storage infrastructure comes into view. Companies here have the opportunity for optimization, which is usually associated with cost savings. You can read more about how a smart storage strategy and a multi-tier storage architecture can contribute to data protection in our article “Storage concepts to protect against ransomware”.

In a multi-tier storage architecture, the files that are still being worked on and with, and that are changed more frequently, are stored on the high-performance primary storage systems. Files that are no longer changed – either because of their age or because they have to be archived in an unchangeable form in accordance with legal requirements – are stored on or moved to archive storage systems.

  • The archiving software protects the archived files from deletion and modification.
  • At the same time, the software allows authorized users transparent read access to the files.

Active and passive approach for legally compliant archiving

PoINT Storage Manager is a file-based archiving software that manages the legally compliant archiving of the corresponding files:

  • It monitors the primary storage and archives the files according to previously defined rules (active approach),
  • or it provides the applications with a standardized interface via which the data is transferred to the archiving system (passive approach).

In the active approach, the software performs rule-based archiving of the files. If a file meets the criteria defined by the user (e.g. a certain age), PoINT Storage Manager takes care of legally compliant archiving.

PoINT Storage Manager, Active Approach

The passive approach enables the immediate archiving of new files which have to be stored in a legally compliant way – unchangeable and secured against deletion. For this purpose, PoINT Storage Manager provides a central archiving platform via a gateway approach. Here, archiving requirements for all applications are met and isolated solutions are avoided.

PoINT Storage Manager, Passive Approach

In both cases, the software protects the archived files in a legally compliant manner against modification and deletion, as well as against unauthorized access. The integrated retention management ensures compliance with the prescribed retention period. Users can access the archived files transparently and quickly via the familiar user interface of the primary storage system.

Conclusion

Reliable archiving software provides the functionality for companies to archive their data in a legally compliant and secure manner:

  • Protection against modification
  • Protection against accidental or intentional deletion
  • Compliance with retention periods

At the same time, it enables fast and transparent access to the archived files if they have to be presented, for example, within the scope of a tax audit. An archiving software like PoINT Storage Manager simplifies workflows and creates compliance. Furthermore, optimization and conversion to a multi-level storage architecture with primary and archive storage systems brings considerable savings potential in the long run.