Database Reference
To protect an organization's data from physical damage, the DBA creates and implements backup and recovery procedures as part of a disaster recovery plan. A disaster recovery plan specifies the ongoing and emergency actions and procedures required to ensure data availability if a disaster occurs. For example, a disaster recovery plan must include plans for protecting an organization's data against hard drive failures and electrical power loss. To protect against hard drive failures, organizations often use a redundant array of inexpensive/independent drives (RAID), in which database updates are replicated to multiple hard drives so that an organization can continue to process database updates after losing one of its hard drives. To protect against electrical power interruptions and outages, organizations use an uninterruptible power supply (UPS), which is a power source such as a battery or fuel cell, for short interruptions and a power generator for longer outages.
For some functions, such as credit card processing, stock exchanges, and airline reservations, data availability must be continuous. In these situations, organizations can switch quickly to duplicate backup systems (usually at a separate backup site) in the event of a malfunction in or a complete destruction of the main system. Other organizations contract with firms using hardware and software similar to their own so that in the event of a catastrophe, they can temporarily use these other facilities as backup sites. Backup sites can be established with different levels of preparedness. A hot site is a backup site that an organization can switch to in minutes or hours because the site is completely equipped with duplicate hardware, software, and data. Although hot sites are expensive, businesses such as banks and other financial institutions cannot permit any lengthy service interruptions and must have hot sites. A warm site is a backup site that is equipped with duplicate hardware and software but not data, so it takes longer to start processing at a warm site compared to a hot site.
Archiving
Often users need to retain certain data in a database for only a limited time. An order that has been filled, reported on a customer's statement, and paid by the customer is, in one sense, no longer important. Should you keep the order in the database? If you always keep data in the database as a matter of policy, the database will continually grow. The disk space that is occupied by the database will expand, and programs that access the database might take more time to perform their functions. The increased usage of disk space and the longer processing times might be good reasons to remove completed orders and all their associated order lines from the database.
On the other hand, you might need to retain orders and their associated order lines for future reference by users to answer customer inquiries or to check a customer's past history with the company. More critically, you need to retain data legally required to satisfy governmental laws and regulations and to meet auditing and financial requirements. Examples of legal reasons for data retention that apply to many organizations are as follows:

• The Sarbanes-Oxley (SOX) Act of 2002 is a federal law that specifies data retention and verification requirements for public companies, requires CEOs and CFOs to certify financial statements, and makes it a crime to destroy or tamper with financial records. Congress passed this law in response to major accounting scandals such as Enron, WorldCom, and Tyco.
• The Patriot Act of 2001 is a federal law that specifies data retention requirements for the identification of customers opening accounts at financial institutions, allows law enforcement agencies to search companies' and individuals' records and communications, and expands the government's authority to regulate financial transactions. President George W. Bush signed the Patriot Act into law 45 days after the September 11, 2001 terrorist attacks against the United States.
• The Securities and Exchange Commission's Rule 17a-4 (SEC Rule 17a-4) specifies the retention requirements of all electronic communications and records for financial and investment entities.
• The Department of Defense (DOD) 5015.2 Standard of 1997 provides data management requirements for the DOD and for companies supplying or dealing with the DOD.
• The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law that specifies the rules for storing, handling, and protecting health-care transactions.
• The Presidential Records Act of 1978 is a federal law that regulates the data retention requirements for all communications, including electronic communications, of U.S. presidents and vice presidents. Congress passed this law after the scandals during the Nixon administration.