10 July 2008

RISK MITIGATION STRATEGY FOR STORED DATA CRITICAL FOR NATIONAL GREENHOUSE AND ENERGY DATA REPORTING REQUIREMENTS

Sydney – 10 July 2008 – Kroll Ontrack®, a leading provider of data recovery and legal technologies products and services, today advised companies publicly disclosing their corporate level greenhouse gas emissions and energy information to ensure that their corporate data remains accessible and available at all times during the lengthy reporting cycles.

Under the terms of the National Greenhouse and Energy Reporting Act 2007 (NGER Act) major emitter organisations are now required to have a reporting system for corporate greenhouse gas emissions, energy production and consumption. Although data collection begins immediately, organisations have until 31 August 2009 to apply to register and until 31 October 2009 to submit their reports under the Act.

“While most organisations affected by the legislation in its first reporting period (1 July 2008 - 30 June 2009) should have systems or processes in place for reporting, one of the most important aspects to regulatory compliance is the 100 per cent accessibility to the stored data during and beyond the reporting requirement period,” says Adrian Briscoe, APAC General Manager, Kroll Ontrack.

Kroll Ontrack believes that organisations reporting under the NGER Act should adopt a data management strategy of ‘Keep it, Secure it, and Preserve it.’ While this can mean extra equipment and IT policies to maintain control over information that users may have previously horded on their own individual computers, one of the least reported risks to electronic information is storage system failure.

As a result, Kroll Ontrack advises that IT managers implement a risk mitigation data recovery program for reporting purposes. This should include regular check-ups to:

  1. Ensure that disk arrays don’t report failed drives. Physically check that all drive lights are showing hard drives as ‘online.’ Avoid forcing an array or drive back online. There is usually a valid reason for a controller card to disable a drive or array. Forcing an array back online may expose the volume to file system corruption.
  2. Replace a failed drive if one is needed. When rebuilding a single failed drive, it is important to allow the controller card to finish the process. If a second drive should fail or go off-line during this process, stop and get professional data recovery services involved. During a rebuild, replacing a second failed drive may change the data on the other drives.
  3. Stop disk-checking utilities that are running on servers and reporting errors on data volumes. Utilities such as CHKDSK can cause damage to a physical or logical volume. IT managers can run CHKDSK in report mode only and then consider accepting the changes it reports.
    During an outage, if the problem escalates up to the OEM technical support team, always ask “Is the data integrity at risk?” or, “Will this damage my data in any way?” If the technician says that there may be a risk to the data, then stop and get professional data recovery services involved.
  4. Ensure doing the recovery yourself is the right move. Some IT departments may have staff that has experience with automated data recovery or hard disk storage utilities. Depending on the cause of the data loss, these tools could actually limit recovery efforts because the drive is experiencing intermediate failures. In addition, some utilities on the Internet are ‘free’ and promise to fix problems on hard drives. Verify the source of the software and make sure that it comes from a reputable company that has a standardised development and quality assurance process. Untested software can yield unpredictable results. Never write changes to the “a” drive prior to understanding the consequences.

“With such lengthy data reporting cycles such as those under the NGER Act, companies need checks and balances in place to preserve the information and data. While the best way to avoid permanent data loss is to have an established relationship with a data recovery company, our check-up measures will help IT departments increase chances for successful recovery if and when data loss and ensues. However, user beware, there is no such thing as the perfect backup,” says Briscoe.

Under the terms of the NGER Act, organisations will need to submit a report for the 2008-2009 financial year if they emit 125 kilotonnes or more of greenhouse gases (measured in CO2 equivalent) or produce or use 500 terajoules or more of energy each year; or have operational control of facilities that emit 25 kilotonnes or more of greenhouse gases (measured in CO2 equivalent), or use or produce 100 terajoules or more of energy per year.

About Kroll Ontrack Inc.

Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities as well as consumers recover, search, analyze, produce and present data efficiently and cost-effectively. In addition to its award-winning suite of software, Kroll Ontrack provides data recovery, advanced search, paper and electronic discovery, computer forensics, ESI consulting, and trial consulting and presentation services. Kroll Ontrack is a technology services division of Kroll Inc., the global risk consulting company. For more information about Kroll Ontrack and its offerings please visit: www.krollontrack.com; www.ontrackdatarecovery.com; www.engeniumsearch.com; www.trialgraphix.com