Are you holding on to a ticking time bomb?
For many years, the approach most companies have had is to keep as much data as you can - almost to hoard it. It is seen as valuable and essential - only to be removed as a last resort.
However, if data is not useful to you operationally, or required to be held legally, then you should consider completely removing that data.
Reducing your company’s data footprint can lessen your exposure and minimize your risk.
Running a lean JD Edwards system helps your business be more agile. A smaller enterprise database can be restored faster.
The cost of inaction
As the quantity of data in your ERP system grows, so too does the risk of data or security breaches.
Compensation claims and fines are affected by the amount of data, and the number of data items stolen.
“A recent IBM and Ponemon Institute study looked at nearly 525 organizations in 17 countries and regions that sustained a breach last year, and found that the average cost of a data breach in 2020 stood at $3.86 million…”
“The report also found that the United States continued to experience the highest data breach costs, averaging $8.64 million per event.”
“Your organization's top leaders should understand that ERP security is a mission-critical priority, not just an IT-centric function. They should create metrics and make decisions about ERP security as part of a cross-functional group that includes IT, security, operations, finance and legal departments.”
Developing a structured and thorough retention policy for your organization’s data will ensure that the records stored in your JD Edwards system are managed effectively.
The process of building the Data Retention Policy will lead you to examine differing industry and country specific legal retention periods.
A Data Retention Policy should address compliance with statutory obligations not only for the retention but also for the disposal of data. Legal acts and in some cases supplier and or customer contracts determine how long data must be kept.
Retention of too much or too little data can result in serious implications for an organization.
Local and national governments (and other organizations) can have specific clauses in their contractual agreements, detailing what documents and data should be stored, and how long for. This gives a clear instruction that if you are dealing with these organizations, a definite amount of data should be available, if requested. That data does not have to be in a live environment, or even an on-line environment, but it should be reasonably accessible.
Listen on demand - webinar
Key Considerations to Developing a Data Retention Policy for your Organization
Listen to the 30 minute webinar, to discover the what, who, where, when and how of data retention for your organization.
The first step was to determine a Data Retention Policy which would provide the guidelines for both Archiving and Purging of data.
J.F. Shea’s IT department sought guidance from the business on developing a company Data Retention Policy. Further clarification was taken, by the business, from legal experts.
Considering the guidance and the fact that new homes are commonly covered by a 10-year builders’ warranty, it was decided that the data would be kept for 14 years from the community close out date. It was agreed upon that Communities closed over 5 years would be moved out of the production environment and into an Archive environment.
Working with each of the responsible Business Analysts and Business Unit Leaders Data Retention Policies were negotiated and agreed.
A crucial part of this process was to re-align the business customers with the purpose of the JD Edwards system. This included discussing how much data was both relevant and essential to execute and support the business process within the transactional system, versus what needed to be used for reporting across various business intelligence systems.
Justin Ellis, IT Manager – Supply Chain at La-Z-Boy went through an internal sales process to overcome misconceptions and negative connotations around purging and archiving.
There was also a feeling by some users that they needed all the data in the production environment just in case it was required.
One year on, attitudes towards archiving and purging JD Edwards data have changed dramatically. Justin is now proactively approached by users asking if they can purge and archive a certain JD Edwards module.
As your company’s JD Edwards system continues to grow, there is usually a broad consensus internally that end of life data could and should be archived. In many cases, companies look to their auditors or legal advisors to understand the official guidance around this. However, by developing a Data Retention Policy upfront, you can have a far more comprehensive approach to Data Archiving.
Once each department agrees their data retention requirements, you have a policy that can be referred to and followed for Data Archiving and Purging activities. This allows for much farther-reaching and consequently more effective Data Archiving activities.
Aggregate has put Data Retention Policies in place across many departments and continues to push forwards with this important work.
Atalian Global Services aligned the company’s Data Retention Policy with the U.S. requirement of keeping financial data for a total of seven years.
The most recent three years of Production data will be retained on the production database before being moved to the archive database for four years, meeting the U.S. requirement to retain data for seven years. Thereafter, archived data older than four years is purged from the archive database.
Links to security and compliance
articles and information *
⇒ The JD Edwards Security Checklist: 7 Steps to Protecting Your Company’s Most Sensitive Data (link to download on Syntax.com)
“Your JD Edwards systems are home to your company’s most sensitive data – making them an ideal target for attacks.
…89 percent of IT security professionals say that attacks on JD Edwards systems will increase…”
⇒ 7 best practices to ensure GDPR compliance (link to TechTarget.com)
⇒ Security in the cloud - what should you be tracking?
(link to ITProPortal.com)
⇒ What is data lifecycle management (DLM)? (link to TechTarget.com)
*please note these are links to external websites