Databases Reference
In-Depth Information
To protect an organization's data from physical damage, the DBA creates and implements backup and
recovery procedures as part of a disaster recovery plan. A disaster recovery plan specifies the ongoing and
emergency actions and procedures required to ensure data availability if a disaster occurs.
For example, a disaster recovery plan must include plans for protecting an organization's data against hard
drive failures and electrical power loss. To protect against hard drive failures, organizations often use a
redundant array of inexpensive/independent drives (RAID), in which database updates are replicated to
multiple hard drives so that an organization can continue to process database updates after losing one of its
hard drives. To protect against electrical power interruptions and outages, organizations use an uninterruptible
power supply (UPS), which is a power source such as a battery or fuel cell, for short interruptions and a power
generator for longer outages.
For some functions, such as credit card processing, stock exchanges, and airline reservations, data
availability must be continuous. In these situations, organizations can switch quickly to duplicate backup
systems (usually at a separate backup site) in the event of a malfunction in or a complete destruction of the main
system. Other organizations contract with firms using hardware and software similar to their own so that in
the event of a catastrophe, they can temporarily use these other facilities as backup sites. Backup sites can be
established with different levels of preparedness. A hot site is a backup site that an organization can switch
to in minutes or hours because the site is completely equipped with duplicate hardware, software, and data.
Although hot sites are expensive, businesses such as banks and other financial institutions cannot permit any
lengthy service interruptions and must have hot sites. A warm site is a backup site that is equipped with
duplicate hardware and software but not data, so it takes longer to start processing at a warm site compared to a
hot site.
Archiving
Often users need to retain certain data in a database for only a limited time. An order that has been filled,
reported on a customer's statement, and paid by the customer is in one sense no longer important. Should you
keep the order in the database? If you always keep data in the database as a matter of policy, the database will
continually grow. The disk space that is occupied by the database will expand, and programs that access the
database might take more time to perform their functions. The increased disk space and longer processing
times might be good reasons to remove completed orders and all their associated order lines from the
database.
On the other hand, you might need to retain orders and their associated order lines for future reference
by users to answer customer inquiries or to check a customer's past history with the company. More
critically, you are legally required to retain data to satisfy governmental laws and regulations and to meet
auditing and financial requirements. Examples of legal reasons for data retention that apply to many
organizations are as follows:
The Sarbanes-Oxley (SOX) Act of 2002 is a federal law that specifies data retention and verification
requirements for public companies, requires CEOs and CFOs to certify financial statements,
and makes it a crime to destroy or tamper with financial records. Congress passed this law
in response to major accounting scandals such as Enron, WorldCom, and Tyco.
The Patriot Act of 2001 is a federal law that specifies data retention requirements for the identification
of customers opening accounts at financial institutions, allows law enforcement agencies
to search companies' and individuals' records and communications, and expands the
government's authority to regulate financial transactions. President George W. Bush signed the
Patriot Act into law 45 days after the September 11, 2001 terrorist attacks against the
United States.
The Securities and Exchange Commission's Rule 17a-4 (SEC Rule 17a-4) specifies the retention
requirements of all electronic communications and records for financial and investment entities.
The Department of Defense (DOD) 5015.2 Standard of 1997 provides data management requirements
for the DOD and for companies supplying or dealing with the DOD.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law that
specifies the rules for storing, handling, and protecting health-care transactions.
The Presidential Records Act of 1978 is a federal law that regulates the data retention requirements
for all communications, including electronic communications, of U.S. presidents and vice
presidents. Congress passed this law after the scandals during the Nixon administration.
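The archiving trade-off described above (remove completed orders and their order lines from the live database, yet keep them intact for later reference and audits) can be handled as a verified move. The following is an added example, not code from the original text: the table names, the 'PAID' status value, and the use of SQLite are assumptions, and the sample rows are constructed.

```python
import hashlib
import sqlite3

# Hypothetical schema: live tables plus archive tables with the same columns.
SCHEMA = """
CREATE TABLE orders (order_num INTEGER PRIMARY KEY, customer TEXT, status TEXT);
CREATE TABLE order_line (order_num INTEGER, part TEXT, qty INTEGER);
CREATE TABLE orders_archive (order_num INTEGER PRIMARY KEY, customer TEXT, status TEXT);
CREATE TABLE order_line_archive (order_num INTEGER, part TEXT, qty INTEGER);
"""

def digest(conn, order_table, line_table, ids):
    """SHA-256 over the given orders and their lines, read in a fixed order."""
    marks = ",".join("?" * len(ids))
    h = hashlib.sha256()
    for table in (order_table, line_table):
        sql = f"SELECT * FROM {table} WHERE order_num IN ({marks}) ORDER BY 1, 2, 3"
        for row in conn.execute(sql, ids):
            h.update(repr(row).encode())
    return h.hexdigest()

def archive_paid_orders(conn):
    """Move PAID orders and their lines to the archive tables in one transaction."""
    ids = [r[0] for r in conn.execute(
        "SELECT order_num FROM orders WHERE status = 'PAID' ORDER BY order_num")]
    if not ids:
        return [], None
    where = f"WHERE order_num IN ({','.join('?' * len(ids))})"
    with conn:  # commits on success, rolls back if anything below raises
        before = digest(conn, "orders", "order_line", ids)
        conn.execute(f"INSERT INTO orders_archive SELECT * FROM orders {where}", ids)
        conn.execute(f"INSERT INTO order_line_archive SELECT * FROM order_line {where}", ids)
        after = digest(conn, "orders_archive", "order_line_archive", ids)
        if before != after:  # never delete live rows unless the copy is exact
            raise RuntimeError("archive copy differs from source")
        conn.execute(f"DELETE FROM order_line {where}", ids)
        conn.execute(f"DELETE FROM orders {where}", ids)
    return ids, after  # keep the digest outside the database for later audits

def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1001, "Acme", "PAID"), (1002, "Bolt", "OPEN"), (1003, "Acme", "PAID")])
    conn.executemany("INSERT INTO order_line VALUES (?, ?, ?)",
                     [(1001, "AX12", 2), (1001, "BZ66", 1), (1002, "AX12", 5), (1003, "CB03", 4)])
    conn.commit()
    return conn
```

Recomputing the digest over the archive tables at audit time and comparing it with the stored value shows whether archived records have been altered since the move.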
 