Retailers Slack Between Data Audits

By Michael
January 22, 2015

Any company that deals with data in some way is required to undergo audits to ensure it has rigorous protocols in place to prevent data loss and expedite disaster recovery. These audits can be the source of anxiety for some IT managers, as failure to comply with regulations can result in fines, citations and more audits. More importantly, however, these checks help companies to realize their shortcomings when it comes to data protection and recovery. Unfortunately, many businesses pass the audit but fail to uphold those standards in the interim between audits.

Retailers take it easy between assessments
A preview of the Verizon 2015 PCI Report showed that less than 30 percent of retailers maintain their data compliance between assessments, CSO reported. That defeats the purpose of a data audit – it is akin to memorizing information for the day of the test and then forgetting the material thereafter.

“We see compliance going down day by day, month by month, after the assessment,” Rodolphe Simonetti, managing director for Verizon’s compliance consulting, said in the preview. “Compliance is supposed to be supporting security, not just a yearly checklist.”

Additionally, many companies lacked the necessary backup tape management software to help them get back online after a breach occurs. Simonetti explained that these retailers put all of their attention into security and then hope for the best, rather than investing in reinforcements.

VaultLedger provides audit compliance
A platform from B&L Associates called VaultLedger¬†provides barcode scanning to easily access, locate and account for any backup tape. The focus on accuracy makes VaultLedger a great way to produce defensible audit trails during assessments, keeping auditors satisfied. More importantly, it’s a reliable system that gets the job done when and where you need it to.

Leave A Comment