Regulatory Compliance and Operational Readiness: Complementary but Never Synonymous

Topics: Cloud Backup | Data Archive | Govern Information

Download PDF


Recovering from a disaster or outage is a frightening prospect to ponder. Things get even scarier when you remember that disaster recovery is just the beginning of what you need to think about and act on—especially if you are responsible for IT at an organization in a regulated industry.Without doubt, you can count on these realities:

  • Compliance is becoming ever-more rigorous and laborious.
  • Mandates, rules, and regulations continue to proliferate in the U.S. and worldwide. One major multinational law firm that specializes in regulatory and government affairs has published an overview of just the data protection laws and regulations in effect as of March 2012 across 58 countries. The summary-level document spans 274 pages.1
  • Even a “small” business disruption will likely have a big negative effect if you are ill-prepared to recover from it.

This paper discusses the differences between regulatory compliance (passing an audit) and operational readiness (being able to recover an IT environment). It summarizes a few of the key regulations germane to several highly regulated industries. Near the end of the paper, you’ll find a section that evaluates a relevant Iron Mountain offering, the Iron Mountain Archival Tape Management solution, including an assessment of its capabilities in respect to the interrelated yet distinct topics of regulatory compliance and operational readiness.