Compliance
ServiceNow
Salesforce
Financial Services
Own Recover

How Own Solutions for SaaS Data Help Satisfy Updated SEC Rule 17a-4

Eoghan Casey
|
Field CTO | Field Technology Strategist, Own Company
No items found.

Good news for broker dealers and other covered entities using SaaS business applications such as ServiceNow and Salesforce! Now, you have greater flexibility to comply with the Securities and Exchange Commission’s electronic record-keeping requirements (SEC Rule 17a-4). 

These requirements apply to securities brokers and dealers, OTC derivatives traders, security-based swap dealers, and potentially other companies that deal in trading securities, operating in the United States.

Previously under SEC 17a-4, it was necessary to preserve records using a non-rewritable, non-erasable format (a.k.a. WORM for write once, read many). The amended requirements allow for electronic records to be stored with a cloud vendor, so long as the solution provides a complete, verifiable, time-stamped audit trail that permits the re-creation of an original record with full integrity if it is altered, overwritten, or erased.

This blog summarizes how Own (formerly OwnBackup) cloud-based solutions allow customers to implement retention policies for regulated records stored in their Salesforce, ServiceNow, or Microsoft Dynamics instance(s).

Record Retention and Recovery

The SEC Rule 17a-4 continues to require that organizations retain financial records for set durations of time. While the exact length of time varies by record type, retention periods fall within 2-6 years. This requirement can be fulfilled by using Own solutions to build custom retention policies to ensure that regulated data is kept for the proper length of time.

If a record is deleted in the original data source, Recover can be used to perform record recreation. Using the archived data, Own products provide capabilities to find and recover records that have been lost or corrupted in the original SaaS data source. Using Own’s comparative analysis features, the user identifier that last modified a record can be determined in certain situations.

Storage Redundancy

The Own infrastructure leverages encrypted, distributed object stores, in multiple zones, spanning multiple data centers, within the customer's storage region. Own then ensures the replicated data's integrity is maintained through the data lifecycle across multiple zones.

Audit Trail

Own Recover maintains an audit trail, including the date and time when backups are created. The user account performing any action is also captured in the audit trail. Own Recover does not permit users to modify or delete specific backups or records after they have been created.

The audit trail displayed in the user interface can be exported to a report in CSV format. These features fulfill the SEC Rule 17a-4 requirement that the electronic recordkeeping system have the capacity to readily download and transfer copies of a record and its audit trail (if applicable) in both a human-readable format and in a reasonably usable electronic format.

Blockchain Verify

To ensure the authenticity and reliability of archived data, Own Recover computes cryptographic hash values of copied data segments. In addition, an overall SHA256 hash value of combined segment hashes can be computed and stored in a public blockchain using Own’s Blockchain Verify solution, which supports independent integrity verification that a backup has not been changed. 

Diagram illustrating how Own Blockchain Verify uses a cryptographic signature as evidence for backup integrity

Figure: Blockchain Verify uses a computational algorithm to generate a cryptographic hash of each backup before it is written to storage, registering that hash in a public blockchain, storing backups in a compressed form, and utilizing standard security protocols. 

Own enables download of full backup index or export of any file, as well as associated metadata and hashes to validate that the data’s integrity has been maintained throughout the data lifecycle. 

For more on this topic, download our SEC Compliance Assessment ebook, which provides more details about how Own solutions help customers comply with SEC Rule 17a-4, including technical details about Blockchain Verify, or request a demo below.

Get Started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book A Demo
Get Started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book A Demo
Eoghan Casey
Field CTO | Field Technology Strategist, Own Company

Eoghan Casey is Vice President of Cybersecurity Strategy & Product Development at Own, creating innovative solutions for SaaS data protection and security analytics. He has 25+ years of technical leadership experience in private and public sector organizations, and is an internationally recognized expert in cyber risk mitigation and digital forensic investigation. He is on the Board of DFRWS.org and has a PhD in Computer Science from University College Dublin.

You may also like

No items found.
No items found.
No items found.
Compliance
Compliance
Compliance
ServiceNow
Salesforce
Financial Services
Own Recover

Get started

Share your details and we’ll contact you shortly to schedule a custom 25-minute demo.

Schedule a Demo