Data Security/Compliance Project of the Year
Whilst this project was not specifically a security project, a large driver for this banking archive project was compliance: the secure storage, access control and retrieval of financial data, in line with GDPR and PCI DSS data security standards.
Following its divestment from another company, a well-known UK Retail Bank required a solution to host historic data, documents and call recordings in multiple formats from more than 20 legacy systems. The legacy data needed to be securely retained in compliance with GDPR and PCI DSS data security standards and accessible to authorised users. The client also required that its users be able to redact and securely download documents and audio files, and to undertake targeted data purging at the end of its lifecycle in compliance with the Bank’s retention schedule.
In order to ensure full compliance with the regulations governing the UK Banking industry, our client had a regulatory requirement to retain data for defined periods, driven by elapsed time or triggered by events. This included documents such as credit agreements, financial statements, complaints data and audio call recordings.
Migrating the required data to the new operational Banking platform would have been a costly and complex exercise, with high ongoing run costs. Their data warehouse was an unsuitable solution due to the wide variety of data formats and the need to store sensitive data subject to PCI DSS guidelines. Our client sought a cost-effective solution to address its data retention needs and support operational processes, whilst providing the level of control required to support regulatory compliance.
The Bank researched the market to assess whether any existing solutions were available that would meet all of their requirements. Whilst a small number of suppliers offered partial solutions, it appeared that there was not a comprehensive product available which met all of the requirements via a single solution.
Krome’s StorARCH solution offered the client a single solution which addressed their full storage, archiving and regulatory compliance requirements.
“We searched the market for a solution to meet our needs, but nothing quite hit the mark. StorARCH enabled us to meet all requirements without compromise.”
Head of Architecture, UK Retail Bank
StorARCH provides our client with an increase in control over historic data content and governance, supporting the stringent data retention and deletion requirements under GDPR. In addition to viewing or listening to retrieved data, the in-built StorARCH redaction functionality allows users to remove sections of data or audio files. Intelligent purge functionality was developed to enable our client to target the removal of records in line with their data retention policy and in compliance with GDPR.
• Krome’s StorARCH Private Cloud solution, with data backup and offsite DR
• Migration of 23 historic data sources, covering 20 years history, including mainframe, end user developed applications, images, documents, audio files and digitized physical media
• Role-based access defining the ability to search, retrieve, view, redact and securely download data