When data professionals think about regulatory compliance, we tend to consider only the data in our production databases. After all, it is this data that runs our business and that must be protected. So we work to implement database auditing, to know who did what to which data, and when; or we tackle database security and data protection initiatives to protect our data from prying eyes; or we focus on improving data quality to ensure the accuracy of our processes.
These are all worthwhile endeavors, but focusing exclusively on active, production data is insufficient to ensure compliance. Improved backup and recovery practices and procedures must be an essential component of your compliance plans.
Ensuring the integrity and availability of your databases is the primary focus of backup and recovery planning. Indeed, recoverability must be the primary objective of every DBA—not performance, as some assume. After all, if the data is nonexistent because it cannot be recovered, who cares how fast you can access the database, right?
But what about compliance and regulations? Let’s examine database recovery through the lens of COBIT.
COBIT is a framework of IT best practices that companies can use to improve management over their IT organizations, to improve the value of IT, and to ensure that the goals of the IT organization are aligned with the goals of the business. COBIT is about recognizing and safeguarding the value of information as a corporate asset by identifying and managing risks and ensuring corporate governance via effective controls. The crux of COBIT is to link IT and business goals, identify responsibilities of business and IT owners, and to monitor performance, evaluating it against metrics and maturity models.
The COBIT framework consists of 34 specific control objectives, organized into four domains: Plan and Organize (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The COBIT practices are business-focused, process-oriented, measurement-driven, and control-based. Best practice frameworks like COBIT are vital tools for ensuring compliance with regulations such as Sarbanes-Oxley (SOX).