The implications of losing power to your regulatory compliance efforts may seem secondary, but the fact is, no matter how secure you are about the rest of your infrastructure, lose power and it's over. There are various laws, regulations, and international conventions that impact the protection of mission-critical networks. This chart, extracted from Libert Corporation's white paper titled Regulatory Compliance and Critical System Protection, details the specifics of each law or regulation and how losing power will impact your data center.
| Regulation |
Relevant Requirements |
Power Implications |
| HIPAA |
Where patient data is recorded, stored or transmitted there must be a record
of the change and an associated permission linked to a document that has been
signed by the patient |
Power interruptions or disturbances can break the chain of integrity. Life
safety data must be continuously available |
| FDA 21 CFR 11 |
Outlines criteria for accepting electronic records and
signatures and for documenting and validating authroized change processes to
systems and software involved in the creation of electronic documents |
Requires formal risk evaluation and compliance with "current
good practices." Secondary power for manufacturing considered good current practice |
| SEC 17 CFR 240 |
Establishes controls and procedures for electronic securities
transactions |
Power failures or disturbances can result in an organization being
unable to verify the existence or accuracy of transaction histories |
| Sarbanes-Oxley |
Guidelines for corporate governance and oversight of accounting
and audit practices as well as financial record retention |
Power interruptions or disturbances can break chain of
integrity data |
| Basel II |
Provides direction for managing capital risk,
supervisory interaction, and publich risk disclosure for large banks |
Power systems must provide protection across
far flung enterprises |
| Gramm-Leach-Bliley |
Assure privacy of customer data for financial
institutions |
Breaches of data security will result in regulatory
scrutiny |
| Clinger-Cohen Act |
Regulates firms providing IT products and services
to the U.S. government |
Requirements may emerge regarding data availability
and security |
