We have exciting news to share that further validates Scality RING for security-sensitive application data, such as in financial services. Scality RING is now certified as SEC 17a-4 compliant — a designation that gives the financial services industry full assurance that our storage solution is ready for use cases requiring Securities and Exchange Commission (SEC) compliance.
This win for Scality is a data security milestone that has only been achieved by a few storage systems. It means RING has been certified by an independent third party as meeting the needs for highly secure data storage that banks, brokerage firms and other financial institutions require. Another huge benefit: because it eliminates the need for a specific storage system dedicated to compliance data, RING reduces data silos.
The requirements of SEC Rule 17a-4 — and how Scality RING meets them
SEC Rule 17a-4 regulates recordkeeping requirements, including retention periods, for the securities broker-dealer industry. It expressly allows books and records to be retained on electronic storage media if the media meet certain conditions. The media must prevent the overwriting, erasing or otherwise altering of a record during its required retention period, and such retention should be accomplished through integrated hardware and software control codes.
RING has all the features necessary to meet these requirements. That includes WORM (write once read many) storage, meaning stored data can’t be modified or deleted. It provides policies for how long data should be stored, while still allowing exceptions for legal holds. That is, administrators in the financial industry can override a data retention policy for a legal reason. For example, if data is stored under a five-year retention policy, a legal hold can keep it locked in the sixth year.
RING also provides extensive audit trails to see who accessed the system and when, plus what action they performed, enabling forensic analysis of the causes of an incident or breach.
In fact, we designed RING’s Object Lock capability specifically with SEC 17a-4 and similar regulatory requirements in mind. Object Lock comes in two modes. One is governance mode, where users who have the appropriate permissions can circumvent the retention protections applied to record objects. This mode is not SEC 17a-4 compliant. Compliance mode, on the other hand, lives up to its name by applying retention protections that no one can remove from the record object. This complies with the Rule’s non-rewritable and non-erasable requirements.
Scality RING: A trustworthy storage solution for heavily regulated industries
Seven of the world’s largest banks are Scality customers, and the features described above allow them and others to build on existing big data analytics, backup, archive and private-cloud use cases to also store highly sensitive compliance-related data, such as customer record archives, trading histories, and their backups. The consolidation of stored data further reduces silos by eliminating the need for another specific storage system for compliance data only.
With this certification, the RING use cases for financial services companies expand beyond typical backup and archiving to include data that the SEC says requires special data protection — such as customer trading histories and trading records. But RING’s benefits apply to more than just the financial services industry. The certification creates trust that if some of the world’s most sensitive data from financial institutions can be stored on RING, other heavily regulated sectors like healthcare and government can trust it as well.
This win for Scality is ultimately a win for our customers. In a world that’s growing increasingly regulated and cyber-compromised, trustworthy file and object storage is essential across all industries and around the world.
If you’d like to learn more about this certification, we invite you to read the press release or download the full Cohasset Associates compliance assessment of Scality RING here.