Re: Long running backups - OK?

From: David Hicken <utahtoad_at_gmail.com>
Date: Sat, 27 Jan 2018 21:02:07 -0700
Message-Id: <AC52E1F4-838D-4FDC-B159-3A8E94FDF2DF_at_gmail.com>


I don’t understand how anyone that has gone through 6 audits would still call it HIPPA, and know that HIPAA has nothing to do at all with SOX. My job in my organization is HIPAA compliance and security. I probably understand HIPAA as well as anyone out there. We are audited annually. I have to be certified annually. If I showed the auditors a box of tapes, or unusable disk files, they’d laugh, if they had a sense of humor. My job, my livelihood, everything is on the line. All day. Every day. And it is not for one database, it is for close to 100 databases scattered throughout the country, accessed by hundreds of people in hundreds of hospitals.

Strangely enough, in my previous job, I did the same thing with PCI, which does have issues with SOX, but that’s another day.

This conversation, at best, is only slightly tangential and completely meaningless to the OP. It is simply meant to try and stir the pot. Why?

David Hicken

"There is no reality.
It's only perception."

> On Jan 27, 2018, at 7:55 PM, Andrew Kerber <andrew.kerber_at_gmail.com> wrote:
> 
> True, it doesn’t specify the form. But backups are typically cheaper to store than paper records. Also, hand in glove with 7 year retention is the requirement to make sure certain records are deleted after 7 years. It’s much easier to mark data for deletion and run a delete or truncate command than it is to go out, locate, and delete paper or film records. Because of that, almost everyone does use backups rather than paper or film.
> 
> Sent from my iPhone
> 

>> On Jan 27, 2018, at 12:11 PM, Tim Gorman <tim.evdbt_at_gmail.com> wrote:
>>
>> Sorry, but calling BS on that nonsense, simply untrue and utterly ridiculous no matter how you view it.
>>
>> Legislation and regulations call for retention of information for review during an audit, not "data backups". The laws cite neither backup nor recovery, just records and documents. Auditors are not interested in zeros and ones.
>>
>> Take for example: https://www.sec.gov/rules/final/33-8180.htm
>>
>>
>>
>>> On 1/27/18 10:50, Mladen Gogala wrote:
>>> That is not entirely true. Some laws (SOX, HIPPA, PCI, Murphy) mandate 7 years of data backups. They do not mandate the ability to restore. Theoretically, you can have a 7 years old 9i rman backup of your database at the time and that is fine. Nobody mandates that you need to have a 9i instance to restore it to. So, if the regulators, and that's where the Murphy's law comes into play, do an inspection of your IT, you need to show them 7 years of backups.  Nobody will ask you if you can actually restore those backups. That is how backups can be important.
>>> 
>>> 
>>>> On 01/26/2018 02:00 PM, Glenn Travis wrote:
>>>> Any question about backups should really be converted into a question on restore and recovery, because backups don't matter, restore/recovery from those backups matters.
>>> 

>>
>> --
>> http://www.freelists.org/webpage/oracle-l
>>
>>
Received on Sun Jan 28 2018 - 05:02:07 CET
