Wednesday, November 14, 2007

New global survey from Kroll Ontrack reveals major weaknesses in enterprise compliance policies

Minneapolis – Nov. 14, 2007 – Kroll Ontrack®, a leading provider of data recovery products and services , today announced the results of a global survey* that showed that many companies fail to include data recovery as part of their companies’ compliance policies, potentially opening themselves up to dire business consequences. Despite the fact that 78 percent of respondents believe that data recovery is the most important component of a compliance plan, only 50 percent say it is part of their company’s compliance policy.

Regulations such as SOX, HIPAA, PCI, FACTA, etc., make it clear that companies have a responsibility to protect data and make significant attempts to retrieve data that has become compromised or lost. For a company, the consequences of non-compliance can be severe, potentially resulting in financial penalties, reduced stock value, loss of customer confidence and lost sales revenue. With that said, it is surprising that 46 percent of respondents said they were not sure if their company even had a general policy to comply with the applicable regulations.

Furthermore, given the potential consequences, it is startling that nearly half of respondents, 43 percent, said they don’t believe their companies test their backup systems to ensure data can be produced if needed. Because natural disasters (i.e. the San Diego fires and Hurricane Katrina), human error, and software and hardware malfunctions are unpredictable, this finding reveals that critical electronic data is in jeopardy of being lost and potentially unrecoverable.

“While data recovery is becoming increasingly synonymous with disaster recovery plans, this survey reveals that data recovery has not yet been deemed a critical component of all compliance policies,” said Jim Reinert, vice president of data recovery and software products for Kroll Ontrack. “Given the vast number of information-oriented regulations that have been enacted, companies should ensure a preferred data recovery provider is part of their compliance plan in case a data loss situation ever ensues. The risk of neglecting to do so is too high.”

To help businesses avoid potential non-compliance penalties, Kroll Ontrack recommends not only selecting a preferred data recovery provider, but identifying the name and contact information of the provider in the overall business compliance policy. Furthermore, establishing the vendor in your business’ procurement system will better ensure a smooth, efficient recovery effort if and when a data loss situation arises.

Through its Ontrack® Data Recovery products and services, Kroll Ontrack is the largest, most experienced and technologically advanced provider of data recovery products and services worldwide. Using its hundreds of proprietary tools and techniques, Ontrack Data Recovery helps businesses and consumers recover lost or corrupted data from all types of operating systems and media and storage devices through its do-it-yourself, remote and in-lab capabilities.

About Kroll Ontrack Inc.

Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities as well as consumers recover, search, analyze, produce and present data efficiently and cost-effectively. In addition to its award-winning suite of software, Kroll Ontrack provides data recovery, advanced search, paper and electronic discovery, computer forensics, ESI consulting, and trial consulting and presentation services. Kroll Ontrack is a technology services division of Kroll Inc., the global risk consulting company. For more information about Kroll Ontrack and its offerings please visit: www.krollontrack.com; www.ontrackdatarecovery.com; www.engeniumsearch.com; www.trialgraphix.com.

* Kroll Ontrack surveyed more than 100 IT professionals in 29 countries. Respondent titles included: IT executive, non-IT executive, senior IT, IT, engineering and sales.