EXPERT RESPONSE
This is a common concern for many organizations and it requires a few solutions that work together in a synergistic manner. Although your question pertains to an organization's intellectual property, you may also need to look at this issue from a regulatory perspective. Different regulations require organizations to retain certain types of records for specific amounts of time. Therefore, there is not only the threat of losing work that the company has paid to be completed, but also penalties of being non-compliant to certain laws and regulations. Not properly protecting data can also bring about lawsuits and potentially criminal offenses. However, because the crux of this question is about productivity degradation, let's examine it from this perspective.
One of the best ways to handle this situation is to create a holistic backup solution. In many software development environments, programmers must save their work to a central source save database, which is usually backed-up each night. This ensures that work is not lost if a hard drive fails.
You could also setup automated backup jobs to back up specific directories on servers and workers' workstations. This can occur each night or every Friday night depending on what makes sense for your organization. With this approach an organization would retain a good amount of data that can potentially be used if an employee leaves the company. It would be wise to include a clause in your policy that informs employees that if they want to access a Web site, they will have to physically sign or click 'Yes.' Doing so, will help you avoid someone claiming to have had an expectation of privacy. You should also consult with your legal counsel when creating this policy to make sure your company is properly protected.
Another more costly approach is to implement a storage area network (SAN). Companies usually implement SANs because they have a lot of data to store and keep track of, not because they are afraid of the data leaving the organization, so this could be overkill for your needs.
Finally, your organization can look at various data backup solutions, SANs, email archiving systems and electronic content management repositories.
If you're interested in learning about email archiving, visit our sister site SearchSMB.com to read the tip, Top 10 best practices for email archiving:
http://searchsmb.techtarget.com/tip/1,289483,sid44_gci1159997,00.html
To learn more about data retention and archiving, please review the following Web site: http://www.complianceresources.org/solutions/record_retention.html
Although there isn't necessarily a standard on how to write a retention policy, the following SANs paper provides some direction and a template:
http://www.sans.org/rr/whitepapers/backup/514.php
The following are some example policies:
http://www.pitt.edu/~provost/retention.html
http://www.olemiss.edu/depts/telephone_exchange/Records/RECORDS.htm
http://process.umn.edu/groups/ppd/documents/policy/record_retention.cfm
http://www.dartmouth.edu/~osp/resources/policies/dartmouth/dataretention.html
For More Infomation:
Create an effective storage security policy.
Learn how to create and manage security policies.
|
