The implications of a power loss for your regulatory compliance efforts may seem secondary, but the fact is, no matter how secure the rest of your infrastructure is, lose power and it's over. Various laws, regulations, and international conventions affect the protection of mission-critical networks. This chart, extracted from Liebert Corporation's white paper titled Regulatory Compliance and Critical System Protection, details the specifics of each law or regulation and how losing power will impact your data center.

| Regulation | Relevant Requirements | Power Implications |
|---|---|---|
| HIPAA | Where patient data is recorded, stored or transmitted, there must be a record of the change and an associated permission linked to a document that has been signed by the patient | Power interruptions or disturbances can break the chain of integrity. Life safety data must be continuously available |
| FDA 21 CFR 11 | Outlines criteria for accepting electronic records and signatures and for documenting and validating authorized change processes to systems and software involved in the creation of electronic documents | Requires formal risk evaluation and compliance with "current good practices." Secondary power for manufacturing considered good current practice |
| SEC 17 CFR 240 | Establishes controls and procedures for electronic securities transactions | Power failures or disturbances can result in an organization being unable to verify the existence or accuracy of transaction histories |
| Sarbanes-Oxley | Guidelines for corporate governance and oversight of accounting and audit practices as well as financial record retention | Power interruptions or disturbances can break the chain of data integrity |
| Basel II | Provides direction for managing capital risk, supervisory interaction, and public risk disclosure for large banks | Power systems must provide protection across far-flung enterprises |
| Gramm-Leach-Bliley | Assure privacy of customer data for financial institutions | Breaches of data security will result in regulatory scrutiny |
| Clinger-Cohen Act | Regulates firms providing IT products and services to the U.S. government | Requirements may emerge regarding data availability and security |