Re: Long running backups - OK?

From: Tim Gorman <tim.evdbt_at_gmail.com>
Date: Sat, 27 Jan 2018 14:43:12 -0700
Message-ID: <1ba070fe-bfdb-14a0-f295-0288c38c8b1b_at_gmail.com>



The text you cited doesn't state whether it is backups of data, or paper, or microfilm, or hieroglyphs on stone tablet.  Read it over again.  Slowly.  Where in the text you cited does it mention "backups"?

 >> Some laws (SOX, HIPPA, PCI, Murphy) mandate 7 years of data backups

Substantiate that assertion.  Provide a link to the text of any law that mentions the word or concept of "backup".

 >> I've done more than one audit and the regulators have always asked for backups.

Auditors always refer to records, documents, and specific information, not "backups".  They don't care about details such as the media in which records reside.

 >> I've done HIPPA audits and SOX audits.

The acronym is "HIPAA", not "HIPPA".

 >> When you have to show the regulators that you have the required records, the regulators will be appeased if you show them backups.

Pure steaming BS.  Prove it.  Show anything anywhere that substantiates this.

 >> I was working with Arup Nanda at the time he wrote his HIPPA book

Good idea.  I have cc'd him for his input.

On 1/27/18 11:48, Mladen Gogala wrote:
> Here is the relevant text, extracted from the link you provided:
>
> *Agency:* Securities and Exchange Commission.
>
> *Action:* Final rule.
>
> *Summary:* We are adopting rules requiring accounting firms to retain
> for seven years certain records relevant to their audits and reviews
> of issuers' financial statements. Records to be retained include an
> accounting firm's work papers and certain other documents that contain
> conclusions, opinions, analyses, or financial data related to the
> audit or review.
>
>
> What do you think, that the companies will keep paper? They will not.
> They will keep backups. I've done more than one audit and the
> regulators have always asked for backups, not for papers. And they
> were satisfied with the preserved backups. I've done HIPPA audits and
> SOX audits. I was working with Arup Nanda at the time he wrote his
> HIPPA book, we were both working for the now extinguished Oxford
> Health Plans. And we had CSC on site, making sure that we comply with
> HIPPA. So, there is no BS here. When you have to show the regulators
> that you have the required records, the regulators will be appeased if
> you show them backups.
>
> On 01/27/2018 01:11 PM, Tim Gorman wrote:
>> Sorry, but calling BS on that nonsense, simply untrue and utterly
>> ridiculous no matter how you view it.
>>
>> Legislation and regulations call for retention of information for
>> review during an audit, not "data backups".  The laws cite neither
>> backup nor recovery, just records and documents. Auditors are not
>> interested in zeros and ones.
>>
>> Take for example: https://www.sec.gov/rules/final/33-8180.htm
>
> On 1/27/18 10:50, Mladen Gogala wrote:
> That is not entirely true. Some laws (SOX, HIPPA, PCI, Murphy) mandate
> 7 years of data backups. They do not mandate the ability to restore.
> Theoretically, you can have a 7-year-old 9i rman backup of your
> database at the time and that is fine. Nobody mandates that you need
> to have a 9i instance to restore it to. So, if the regulators, and
> that's where Murphy's law comes into play, do an inspection of
> your IT, you need to show them 7 years of backups.  Nobody will ask
> you if you can actually restore those backups. That is how backups can
> be important.
>
>
> On 01/26/2018 02:00 PM, Glenn Travis wrote:
> Any question about backups should really be converted into a question
> on restore and recovery, because backups don't matter,
> restore/recovery from those backups matters.

--
http://www.freelists.org/webpage/oracle-l
Received on Sat Jan 27 2018 - 22:43:12 CET
