Return to site

Untangling Data Management Controls

The Spaghetti Factory that is Data Loss Prevention, e-Discovery, Archiving and Business Continuity



When I won my first engagement with a client in a regulated industry, I knew very little of cybersecurity best practices and knew almost nothing of data management as it pertains to compliance. This is not for lack of understanding or industry maturity, but because cybersecurity best practices, data management and business continuity didn't really exist, as they do today.

Fast forward 15 years in real time, or 3x1027823003 years in tech time: cybersecurity and data management compliance partner together as part of my standard workday. Most firms today have a compliance attorney or consultant with whom they work. To no fault of their own, there is a flaw in the armor that these compliance specialists are providing: technical understanding and real-world guidance for implementation of systems to satisfy the dynamically changing cybersecurity threat landscape, data loss prevention methodologies, e-discovery best practices, data archiving and business continuity planning.



The systematic control of information, specifically personally identifiable, sensitive and/ or proprietary data.


The use of electronic means in order to comb data repositories and transmissions in order to scrape and flag keywords of specific interest or consequence.


Non-alterable/ read-only copies of communication, documents or other data stored for a length of time beyond it's realtime need. This originally included only e-mail communication but has recently expanded to social media, SMS/ MMS and instant messaging system. In specific industries, copies of created, edited and deleted data files may be required to be kept for a period of 5, 7 or an indefinite number of years.


A custom plan of action used in the event of: electronic systems failures (on- or off-site), catastrophe or other failure that might break the standard way in which business is conducted. The plan provides key points of contact, specific hierarchy of human resource management and other information as it relates to the specific, critical practices and processes of the organization.


In order for any human resource to handle any or all of these tasks, it would require teams of people working around the clock, combing all of the data for PII, placing all communication into a comprehensive, searchable and organized archiving system and then flag any data of interest. Since this is not advised, nor is it realistic, companies offer one, some or all of these services under one service offering. There are several challenges, when adopting system(s) to handle these best practices and requirements:

  • Is the third-party secure and redundant and can they prove it?
  • Does the firm have a track record that shows they will be around for at least the minimum number of years for which you would like, or are required, to store data?
  • Is the system fully or partially automated, or does it require human intervention in order to perform routine tasks?
  • Is the system cost-effective?
  • Does it play nice with your existing data flow?
  • Is it easy to maintain or does it require specific understanding of search engine syntax like: boolean or logic?
  • Is there one system available to handle all of the data discovery and retention tasks or do you need other products in order to supplement where the first lacks?


NS.BC has been working with firms in regulated industries long enough to know the ins-and-outs of these topics, has put them into action in real-world firms. NS.BC has negotiated contracts for, implemented, configured and maintained these systems. NS.BC has also assisted with advanced searches of data, data exports and migrations to and from these systems (when requested).

The NS.BC Solution Stack has options that fit all budgets, firms of all sizes and technical acumen. NS.BC is proud to be able to offer one-stop, big name ERP solutions that include the tools necessary to satisfy these requirements.

Existing clients can send a request via the Support Portal or e-mail address.

New inquiries may be submitted from our home page.