Assessment of Hitachi Data Systems (HDS) Hitachi Content Platform (HCP) For Dodd-Frank Compliance



Similar documents
White Paper: Financial Services Compliance

HP StorageWorks Reference Information Storage System Designed to Assist Financial Services Organizations Comply with Retention Requirements

How To Use The Hitachi Content Archive Platform

An Evaluation of Hitachi Content Archive Platform

Abstract. SEC 17a-4(f) Compliance Assessment. Technical Report. Prepared by Cohasset Associates, Inc.

orldox GX3 Cloud for Financial Services Worldox GX3 Cloud Compliance Outline The Best of both Worlds. / Whenever. Wherever.

iternity icas Solution

MICROSOFT EXCHANGE ONLINE ARCHIVING, DATA RETENTION AND RULE 17A-4 COMPLIANCE DATE: SEPTEMBER 22, 2015

The ComplianceVault Archiving & Retrieval Appliance and the SEC a-4 Requirements

ELECTRONIC RECORD AND SIGNATURE COMPLIANCE. NASD Rules 3010(d) and 3110(c)(1)(C) SEC Rule 17a-4 15 USC 7001 et. seq. (E-SIGN)

Record Keeping and Call Recording for Dodd-Frank. A guide to regulatory compliance

How To Preserve Records In A Financial Institution

Top Technology Challenges Thursday, May 28 3:00 p.m. 4:00 p.m.

RECORDS TO BE PRESERVED BY CERTAIN EXCHANGE MEMBERS, BROKERS AND DEALERS SEA Rule 17a-4

Rackspace Archiving Compliance Overview

EMC White Paper EMC Xtender Provides Records Management for Microsoft Exchange Server 2003

Hitachi Content Platform as a Continuous Integration Build Artifact Storage System

Hitachi NAS Platform and Hitachi Content Platform with ESRI Image

Compliance Solutions FOR BROKER-DEALERS. Archiving the financial services world. message archive search message archive search message archive search

Hitachi Content Platform. Andrej Gursky, Solutions Consultant May 2015

IBM System Storage DR550

Union County. Electronic Records and Document Imaging Policy

SOLUTION BRIEF KEY CONSIDERATIONS FOR BACKUP AND RECOVERY

WHITEPAPER. The Companion Guide to FINRA/SEC Social Networking Compliance

S O L U T I O N S B R I E F. Active Archive. A Blueprint for Long-term Preservation of Business-critical Digital Data. Hitachi Data Systems

EMC arhiviranje. Lilijana Pelko Primož Golob. Sarajevo, Copyright 2008 EMC Corporation. All rights reserved.

EMC DATA DOMAIN RETENTION LOCK SOFTWARE

Financial Advisor Focus White Paper. How Digital Document Management Solutions Support Compliance

REDUCE COSTS AND COMPLEXITY WITH BACKUP-FREE STORAGE NICK JARVIS, DIRECTOR, FILE, CONTENT AND CLOUD SOLUTIONS VERTICALS AMERICAS

SPOTLIGHT ON. Advisors Recordkeeping Obligations

POLICY AND GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC RECORDS INCLUDING ELECTRONIC MAIL ( ) SYSTEMS

VMware vsphere Data Protection 6.0

How to Manage Unstructured Data with Hitachi Content Platform from OnData

How to Manage Critical Data Stored in Microsoft Exchange Server By Hitachi Data Systems

Dionseq Uatummy Odolorem Vel Layered Security Approach

The Economics of File-based Storage

VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014

Hitachi Cloud Service for Content Archiving. Delivered by Hitachi Data Systems

-Archiving Regulatory Compliance for Small and Midsized Firms (SMBs)...a Whitepaper by Sony and Intradyn

CA Message Manager. Benefits. Overview. CA Advantage

DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES MODEL GUIDELINES FOR ELECTRONIC RECORDS

Brown County Information Technology Aberdeen, SD. Request for Proposals For Document Management Solution. Proposals Deadline: Submit proposals to:

XenData Archive Series Software Technical Overview

How To Use A Court Record Electronically In Idaho

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Archiving Compliance Storage Management Electronic Discovery

Management of Official Records in a Business System

NASAA Recordkeeping Requirements For Investment Advisers Model Rule 203(a)-2 Adopted 9/3/87, amended 5/3/99, 4/18/04, 9/11/05; Amended 9/11/2011

Planning and Implementing Disaster Recovery for DICOM Medical Images

The Microsoft Large Mailbox Vision

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

39C-1 Records Management Program 39C-3

Add the compliance and discovery benefits of records management to your business solutions. IBM Information Management software

PRIME IDENTITY MANAGEMENT CORE

Countdown to Compliance

EMC DATA DOMAIN OPERATING SYSTEM

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

Multi-Terabyte Archives for Medical Imaging Applications

Keys to Successfully Architecting your DSI9000 Virtual Tape Library. By Chris Johnson Dynamic Solutions International

IBM Tivoli Storage Manager

Sarbanes-Oxley Assessment

The biggest challenges of Life Sciences companies today. Comply or Perish: Maintaining 21 CFR Part 11 Compliance

MS Design, Optimize and Maintain Database for Microsoft SQL Server 2008

EMC DATA DOMAIN OPERATING SYSTEM

Lab Validation Report

Archiving: Session ID: More Than Just Compliance. Frank Orlando

Enterprise Backup Overview Protecting Your Most Important Asset

Developing a Records Retention Program

Perforce Backup Strategy & Disaster Recovery at National Instruments

Cloud Computing: Legal Risks and Best Practices

Why You Should Consider Cloud- Based Archiving. A whitepaper by The Radicati Group, Inc.

Nexsan Assureon for Healthcare Introduction

VMware vsphere Data Protection 6.1

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Understanding EMC Avamar with EMC Data Protection Advisor

GREATER TEXAS FEDERAL CREDIT UNION RECORDS PRESERVATION PROGRAM

Oracle WebCenter Content

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Pacific Life Insurance Company

Life Cycle of Records

Unstructured data in the enterprise

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010

Symantec NetBackup OpenStorage Solutions Guide for Disk

Solving the long term archiving challenges with IBM System Storage Archive Manager Solutions

IBM Tivoli Storage Manager Version Introduction to Data Protection Solutions IBM

STATE OF NEBRASKA STATE RECORDS ADMINISTRATOR DURABLE MEDIUM WRITTEN BEST PRACTICES & PROCEDURES (ELECTRONIC RECORDS GUIDELINES) OCTOBER 2009

The Impact of 21 CFR Part 11 on Product Development

Transcription:

Assessment of Hitachi Data Systems (HDS) Hitachi Content Platform (HCP) For Dodd-Frank Compliance 1. Executive Summary Assessment Goal LiquidHub Consulting was engaged by Hitachi Data Systems ( HDS ) to assess the Hitachi Content Platform ( HCP ) for compliance with Dodd-Frank and related SEC, NASD, and CFTC regulations. The goal of this assessment is to certify that HCP is in compliance with the various regulatory guidelines. The governing rules for Dodd-Frank, NASD, and CFTC with regard to records and record retention are contained within SEC Rule 17a-3 and SEC Rule 17a-4. Rule 17a-3 pertains to which records and governance of the records needed to be retained and Rule 17a-4 deals with the methods and requirements of storage by which the records will be maintained. Assessment Summary LiquidHub s assessment of HCP has found HCP fully in compliance with all aspects of Dodd-Frank, SEC, NASD and CFTC requirements. LiquidHub looked at all pertinent regulator rules governing storage media and retention capabilities to satisfy the Dodd-Frank legislation, SEC, NASD, and CFTC rules. Dodd-Frank passes the responsibilities of the implementation for the rules to the regulatory authorities of SEC, NASD, and CFTC. Specific to rules governing retention devices and software, SEC Rule 17a-4 is the governing regulation, which all other regulatory bodies defer. With regard to record storage and retention, the governing rules are contained within the SEC Rule 17-4 sections 17a- 4(f)(2)(ii) through 17a-4(f)(3)(iv) Section 4 (Assessment Compliance Matrix) of this report. SEC Rule 17a-4 Sections LiquidHub has determined that HCP is in full compliance with SEC 17a-4(f)(2)(ii)(A) with regard to preserving records exclusively within a non-rewriteable/non-erasable format. LiquidHub has determined that HCP is in full compliance with SEC 17a-4(f)(2)(ii)(B) with regard to automatic and ongoing verification of the quality and accuracy of all indexes and records stored within the appliance. LiquidHub has determined that HCP is in full compliance with SEC 17a-4(f)(2)(ii)(C) and Rule 17a-4(f)(3)(iv)A with regard to serialization of original and duplicate content and time and date of all records. LiquidHub has determined that HCP is in full compliance with SEC 17a-4(f)(2)(ii)(D) and Rule 17a-4(f)(3)(iv)A with regard to HCP and HDDS ability to search and download indexes and records in any format required by any of the regulator bodies governing Dodd-Frank. LiquidHub has determined that HCP is in full compliance with SEC 17a-4(f)(3)(i) with regard to having search indexes and documents available for examination of original qualities, such as the file format, physical appearance, content, and metadata and policy information. 2001 2013 LiquidHub, Inc. All rights reserved. 1

LiquidHub has determined that HCP is in full compliance with SEC 17a-4(f)(3)(ii) with regards to producing facsimile enlargements of any document. This is accomplished by storage and retrieval of original documents through HCP s WORM functionality in immutable format. LiquidHub has determined that HCP is in full compliance with SEC 17a-4(f)(3)(iii) and Rule 17a- 4(f)(3)(iv)A with regards to duplication of indexes and records and the duplicated copies being stored separately (on-site and off-site) from the original copies. The Assessment Compliance Matrix details all parts of the regulations with the corresponding feature and capability of HCP that makes the platform fully compliant. LiquidHub in its assessment exclusively relied upon information supplied by Hitachi Data Systems through internal and external documentation, and interviews with Hitachi Data Systems representatives. LiquidHub did not evaluate HCP in a live or laboratory setting or otherwise field-test any Hitachi Data Systems products. 2001 2013 LiquidHub, Inc. All rights reserved. 2

2. The Regulations Dodd Frank Dodd Frank imposes new record-keeping, reporting and disclosure requirements on all Investment Advisers, Broker Dealers, and newly deemed Major Swap Participants. In all cases, registered advisers will be required to maintain records relating to their business activities as mandated by Rule 17a-4 of the Securities Exchange Act (Broker Dealers) and Rule 204-2 of the Investment Advisors Act (Investment Advisors). Dodd-Frank adds new, confidential reporting requirements which compels virtually all advisers to disclose to the SEC/CFTC their trading and investment positions, practices, and exposures that relate to systemic risks, e.g., assets under management, use of leverage including off balance sheet leverage, exposures to particular counter-parties and types of securities, credit risk exposures, calculation policies, side letters. Dodd-Frank also commands that registered entities will have to provide any other information the SEC/CFTC and the Financial Stability Oversight Council (FSOC), the new systemic risk regulator, deems necessary and appropriate. Dodd-Frank legislation contains broad language with regards to the methods for data retention such as hardware and software. Dodd-Frank passes the responsibilities for the implementation rules to the regulatory authorities of SEC, NASD, and CFTC. Specific to rules governing retention devices and software, SEC Rule 17a-4 is the governing regulation, which all other regulatory bodies defer. SEC Rule 17a-3 and SEC Rule 17a-4 SEC Rule 17a-3 and 17a-4 are part of the US Securities Exchange Act of 1934 (Known simply as the "Exchange Act"), which outlines requirements for which records need to be maintained, plus data retention, indexing, and accessibility of records, for companies which deal in the trade, or brokering of financial securities such as stocks, bonds, and futures. SEC Rule 17a-3 SEC Rule 17a-3 pertains to the types of records and duration retained. 17a-3 requires broker-dealers to make certain records, including trade blotters, asset and liability ledgers, income ledgers, customer account ledgers, securities records, order tickets, trade confirmations, trial balances and various employment related documents. SEC Rule 17a-4 Under Rule 17a-4, electronic records must be preserved exclusively in a non-rewriteable and nonerasable format. This interpretation clarifies that broker-dealers may employ a storage WORM media (write once read many) is used for compliance with Rule 17a-4. Also, the member, broker or dealer must be stored separately from the original. This duplicate copy of the record must be stored on any medium acceptable for the required. 2001 2013 LiquidHub, Inc. All rights reserved. 3

According to the rule, records of numerous types of transactions must be retained and indexed on indelible media with immediate accessibility for a period of six months, and with non-immediate access for a period of at least two years. Rule 17a-4 is commonly grouped with SEC Rule 17a-3. Together, these rules broadly require: Written, enforceable retention policies A searchable index of all data stored Viewable and readily retrievable data Offsite storage of data Storage of data on WORM (write once read many) http://www.sec.gov/rules/interp/34-47806.htm (SEC Interpretation: Electronic Storage of Broker-Dealer Records) The most important rules governing Dodd-Frank, NASD, and CFTC compliance are stated within SEC Rule 17a-4, listed below is a summary of those rules: 1: Preserve the records exclusively in a non-rewriteable, non-erasable format. (Write Once Ready Many (WORM) devices. 17a-4(f)(2)(ii)(A) 2: Verify automatically the quality and accuracy of the storage media recording process. The intent of this rule is to provide some level of confidence that the record has actually been stored.(17a-4(f)(2)(ii)(b) 3: Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media. 17a- 4(f)(2)(ii)(C) 4: Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member. 17a-4(f)(2)(ii)(D) 5: At all times have available, for examination by the staffs of the Commission and selfregulatory organizations of which it is a member, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images. 17a-4(f)(3)(i) 6: Be ready at all times to provide, and immediately provide, any facsimile enlargement which the staffs of the Commission, any self-regulatory organization of which it is a member, or any State securities regulator having jurisdiction over the member, broker or dealer may request. 17a-4(f)(3)(ii) 7: Store separately from the original, a duplicate copy of the record stored on any medium acceptable under Rule 17a-4 for the time required. 17a-4(f)(3)(iii) 2001 2013 LiquidHub, Inc. All rights reserved. 4

8a: Organize and index accurately all information maintained on both original and any duplicate storage media. 17a-4(f)(3)(iv)(A) 8b: At all times, a member, broker, or dealer must be able to have such indexes available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member. 17a-4(f)(3)(iv)(A) 8c: Each index must be duplicated and the duplicate copies must be stored separately from the original copy of the index. Original and duplicate indexes must be preserved for the time required for the indexed records. 17a-4(f)(3)(iv)(A) NASD 3010 and 3110 Currently, there are two general record-keeping rules in effect under NASD Rules and NYSE Rules. NASD Rule 3110(a) requires each member to make and preserve books, accounts, records, memoranda, and correspondence in conformity with all applicable laws, rules, regulations and statements of policy promulgated thereunder, with FINRA s Rules, and as prescribed by Exchange Act Rule 17a-3 & 17a-4. NASD Rule 3110(a) further states that the record keeping format, medium, and retention period shall comply with Exchange Act Rule 17a-4. NYSE Rule 440 also sets forth the general obligation of members to make and preserve books and records. CFTC Reg 1.31 (b-c) Commission Regulation 1.31 sets forth certain recordkeeping requirements imposed by the CEA and Commission regulations. Subsection (a) describes the general rule. It mandates that all records required to be kept by the Act or Commission regulations ("required records") be maintained for five years and be kept "readily accessible" during the first two years. It also defines the inspection and production rights of representatives of the Commission and the Department of Justice. Subsections (b) and (c) establish alternative requirements for required records that are stored as reproductions. Record-keepers that fulfill the conditions for alternative treatment may dispose of original required records. Eligibility for alternative treatment is limited to particular classes of records that are reproduced on microfilm, microfiche, or optical disk. Computer and machine-generated records are immediately eligible for reproduction and storage on one of the alternative media. Most other required records become eligible after two years of storage. Trading cards and written customer orders are ineligible; originals must be maintained for the full fiveyear period. Subsection (c) describes the special inspection and production conditions applicable to record-keepers that choose to store reproductions rather than original required records. Rule 1.31 subsections b and c must comply as prescribed by Exchange Act Rule 17a-3 & 17a-4. 2001 2013 LiquidHub, Inc. All rights reserved. 5

3. HCP Functionality Overview Hitachi Content Platform HCP provides an active archive environment for fixed-content with a single online repository that enables protection, search, and retrieval across all content types. HCP is based on a unique SAN-based architecture that leverages Hitachi storage capabilities for availability, performance, and multipetabyte scalability. HCP provides authentication and secure retention of content to ensure its longterm preservation and accessibility in an active fixed-content archive storage environment. HCP is designed to enable archiving of fixed content in a manner that: Ensures content integrity, authenticity, security, completeness and accessibility over the long term, in accordance with relevant laws and regulations Offers fast, online access to content Allows integrated searching and indexing of the archive, including search of file contents Supports business continuity, data recovery, compliance search and retention needs Scales horizontally to support multiple applications and content types; and vertically to support continued data growth Allows for sub-second search response HCP Architecture HCP is a combination of SAN storage, hardware servers, and high performance software. HCP Hardware and Software 4 to 80 nodes Nodes upgraded in pairs 800,000,000 objects per node 64,000,000,000 objects per cluster 80PB per cluster HCP provides a true single cluster with no theoretical limit on the number of nodes it can support. This allows for significant content growth without there being any significant negative performance impact. HCP stores files as objects by coupling the file data with the metadata that describes it. The solution can maintain all file types, from simple text files to medical image file to multi-gigabyte database images. HCP can be connected to and integrated with most software applications through standard communication protocols S3, SMTP, NFS, CIFS/SMB, HTTP, HTTPS, and WebDAV. Highly available 2001 2013 LiquidHub, Inc. All rights reserved. 6

Data Protection Levels (DPL) provides copies of objects for duplication and protection against corruption using tunable parameters DPL 1-4. Objects are checked for integrity on a regular basis. Should a hash compare fail a copy of the original object will be recovered transparently to the user. RAID 6 block level protection provides further resilience against data loss. Node failures are protected by zero copy failover which prevents interruption of service. Disaster Recovery Each tenant can be replicated to an HCP located at an offsite facility providing a perfect copy of all content. API provides high availability functionality which includes replication from primary HCP Disaster Recovery onsite and offsite HCP Features and Capabilities Single Level of Management Regardless of the number of nodes, amount of capacity or size of content, HCP provides the capability to manage the environment as a single system through its SAN + Redundant Array of Independent Nodes (SAIN) architecture and scalable file system. Archive management and administration is simplified through the self-management features and allows storage nodes to be added or removed online without disruption or downtime. Full Content Searching HCP has the capability to perform expeditious search and comprehensive searches by name, file attributes, metadata, and file content across applications and document types. For an archive to be searchable, the HCP cluster must have one or more Hitachi Data Discovery Suite (HDDS) search nodes. Search nodes manage a distributed index of all the archived files in the cluster. For fast retrieval of query results, the search engine maintains an index, which is based on file data and metadata. HCP has the capability to support 77 languages and over 370 file types. Open Standard Interface The support of S3, SMTP, NFS, CIFS/SMB, HTTP, HTTPS and WebDAV communication protocols allows for most applications to work with HCP. Use of standard protocols ensures that data is fully retrievable with any standard software, protocol or method, mitigating technology obsolescence in the future. SAN + RAID (SAIN) 2001 2013 LiquidHub, Inc. All rights reserved. 7

HCP is built on a SAN + RAID in an array of independent node architecture model. It is delivered as a pre-configured, integrated package that consists of servers, software, and Hitachi s HUS and VSP systems. It can be configured in 5 and 10 terabyte storage units. The base configuration consists of a 4 server-node cluster that is scalable in 2.5 TB and 5TB increments. HCP ensures high availability through both Redundant Array of Independent Nodes (RAIN) configuration and SAN-attached Array of Independent Nodes (SAIN) architectures that provide node and path fail-over and offer multiple data protection schemes to meet a host of customer specifications. Governance and Compliance HCP 500 and Hitachi Data Discovery Suite (HDDS) collectively support full-text index, search and retrieval across content objects in the archive, auditing and legal discovery-based archives. Sets and enforces data retention periods to provide disk-based write once, read many (WORM) capability, authenticates content preservation via digital signatures or hash algorithms. Automates archiving procedures through policy-based management, and sets and enforces data retention periods to provide disk-based write once, read many (WORM) capability, and protects data in unaltered form through file authentication, retention, and logging. 2001 2013 LiquidHub, Inc. All rights reserved. 8

4. Assessment Compliance Matrix The purpose of the Assessment Compliance Matrix is to compare the specific regulation and subsections of the regulations to the specific features and capabilities of HCP in order to determine compliance to the rules. Matching features and capabilities matched against the regulations Regulation Acceptable Media 1: SEC 17a-4(f)(2)(ii)(A) Preserve the records exclusively in a non-rewriteable, non-erasable format. (Write Once Ready Many (WORM) devices. HCP Feature or Capability / DF Compliance In compliance mode, HCP fully complies with SEC regulation 17a- 4(f)(2)(ii)(A) requirement for non-rewritable device storage. Under appliance and software control files are determined as immutable during and after the retention period expires. Once a record is stored on WORM it cannot be deleted or altered prior to the end of its retention period assigned by the controlling application. WORM records cannot be altered anytime throughout their entire lifecycle up until their final disposition. Allows administrators to specify a file s retention date, the file is then protected by strict WORM restrictions -While under retention, WORM files cannot be deleted -WORM files are immutable, even after retention expires -WORM files cannot be renamed. -Directories containing WORM files cannot be renamed Once an object is stored in HCP, it cannot be altered even through the controlling application. When alteration occurs in the controlling application, HCP will recognize that object as a new object and will generate a new fingerprint. This process prevents the deliberate alteration of objects that have been previously stored. 2001 2013 LiquidHub, Inc. All rights reserved. 9

Quality Verification 2: Rule 17a-4(f)(2)(ii)B Verify automatically the quality and accuracy of the storage media recording process HCP fully complies with SEC regulation 17a-4(f)(2)(ii)B requirement for automatic verification of quality and accuracy of the storage media. HCP periodically computes the digital signature and compares it with the original value stored when the file was first archived, ensuring data integrity. A digital signature for each incoming file is created utilizing any one of the following hashing algorithms to ensure data integrity: MD5, SHA-1, SHA-256, SHA-384 or SHA-512. The algorithm produces at the binary level a fixed-length fingerprint of the object. The fingerprint is used to determine when the object has changed and generates a new fingerprint for the object. Once an object is stored in HCP, it cannot be altered even through the controlling application. When alteration occurs in the controlling application, HCP will recognize that object as a new object and will generate a new fingerprint. This process prevents the deliberate alteration of objects that have been previously stored. Record Duplication and Time-Dating 3: Rule 17a-4(f)(2)(ii)C and Rule 17a-4(f)(3)(iv)A Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media HCP fully complies with SEC regulation 17a-4(f)(2)(ii)C requirement for record duplication and time-dating HCP maintains offsite copies of data through replication. HCP can be configured to continually replicate the contents to a physically separate cluster. On both the primary and DR sites, system administrators define the DPL level (between 2 and 4) of replica copies that are maintained depending on the value of the content. 2001 2013 LiquidHub, Inc. All rights reserved. 10

Downloadable Indexes and Records 4: Rule 17a-4(f)(2)(ii)D and Rule 17a-4(f)(3)(iv)A Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member. Easily readable projection, micrographic media or electronic storage media 5: Rule 17a-4(f)(3)(i) Have the capacity to readily provide readable projection, micrographic media or electronic storage media on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member. HCP fully complies with SEC regulation Rule 17a-4(f)(2)(ii)D and 17a- 4(f)(2)(ii)D requirements for easily downloadable indexes and records Full content and metadata search and indexing mechanism supporting 370 file formats and 77 languages are available for HCP s search appliance (HDDS). This enables rapid location and downloading of documents related to keywords, file properties and custom Metadata. HCP fully complies with SEC regulation Rule 17a-4(f)(3)(i) requirement for easily readable Images HCP preserves all of the object s original qualities, such as the file format, physical appearance, content, metadata and policy information, retains information sent to HCP by a controlling application. This enables rapid location and downloading of documents related to keywords, file properties and custom Metadata. The authentication policy regenerates the digital signatures to ensure that the content of the archived file matches its original digital signatures throughout its lifecycle in the archive. 2001 2013 LiquidHub, Inc. All rights reserved. 11

Easily Readable Images 6: Rule 17a-4(f)(3)(ii) If a member, broker, or dealer uses micrographic media or electronic storage media, it shall: i) At all times have available, for examination by the staffs of the Commission and self-regulatory organizations of which it is a member, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images. Separate Storage of Duplicate Records 7: Rule 17a-4(f)(3)(iii) and Rule 17a-4(f)(3)(iv) Each index and record must be duplicated and the duplicated copies must be stored separately from the original copy of each index. Original and duplicate indexes and records must be preserved for the time required for the indexed records HCP fully complies with SEC regulation Rule 17a-4(f)(3)(ii) requirement for easily readable Images HCP retains information in manner that preserves its complete content, physical form, layout, and metadata especially that metadata indicating origin and provenance. Full content and metadata search and indexing mechanism supporting 370 file formats and 77 languages are available for HCP s search appliance (HDDS). This enables rapid location and downloading of documents related to keywords, file properties and custom Metadata. The authentication policy regenerates the digital signatures to ensure that the content of the archived file matches its original digital signatures throughout its lifecycle in the archive. HCP fully complies with SEC regulation 17a-4(f)(3)(iii) and 17a- 4(f)(3)(iv) requirements for separate storage of duplicated records. HCP utilizes Archive Object Package (AOP) format that includes compression, digital signature, and encryption when replicating and backing up content. The AOP for data object consists of three files. One file containing the object data, one file containing the object metadata, and one file that identify the other two files. HCP can be configured to continually replicate the contents to a physically separate cluster. On both the primary and DR sites, system administrators define the DPL level (between 2 and 4) of replica copies that are maintained depending on the value of the content. 5. About LiquidHub Consulting Founded in 2001, LiquidHub is a systems integrator and technology consultancy dedicated to high value delivery. Our growth from a few founding members to over 1,000 associates is a testament to our ability to deliver value for our clients. LiquidHub s growth and success comes from our unwavering commitment to predictable, quality delivery and the resulting trusted partner status we earn with our clients. We provide experienced consultants on entire project teams, and applications maintenance/development services, on client sites or from our development centers in Wayne, PA and Hyderabad, India. LiquidHub s services revolve around our clients needs for a range of consulting services, and we support the full lifecycle of technology enablement; strategy and architecture, applications integration 2001 2013 LiquidHub, Inc. All rights reserved. 12

and implementation, and managed services. In strategy and architecture, we help clients to realize their business vision through the use of new technologies and design flexible and scalable technology frameworks. In applications integration and implementation, our clients value us for our consistent, successful delivery across a wide range of technologies. And through managed services, sized right to our client s requirements, we deliver whole product development outsourcing and maintenance, dedicated application and infrastructure management, and ongoing customer support, both local to our clients and through our global delivery capabilities. 2001 2013 LiquidHub, Inc. All rights reserved. 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information