Alibaba Cloud OSS complies with the compliance requirements of U.S. SEC and FINRA
Object Storage Service (OSS) now fully supports the WORM feature, allowing users to save and use data in a “non-deletable or tamper-resistant” manner. Currently, OSS supports multiple types of strong compliance policies. Users can set a time-based retention policy for a bucket, which forbids any users (including the root account) to directly delete objects and policies before the retention time expires. OSS also provides LegalHold-based policies. Users can flexibly choose policy types that best meet their actual requirements. Current OSS compliance policies are applicable to all storage types, such as Standard storage, Low-frequency storage, and Archive Storage. Users can convert the storage types by using lifecycle policies and choose the most cost-effective storage type for storing data.
Alibaba Cloud OSS now fully supports the WORM feature. Users are allowed to save and use data in a “non-deletable or tamper-resistant” manner. This is very suitable for industries such as finance, insurance, medicine, and securities. Third-party service providers can build compliant cloud data storage based on OSS.
The following are some typical application scenarios:
- Compliance: Currently, OSS is the only cloud service in China that has passed the Cohasset Associates audit compliance assessment and can meet the strict requirements of retaining electronic records. For example, OSS meets compliance requirements such as EC Rule 17a-4(f), FINRA 4511, and CFTC 1.31.
- LegalHold : In legal case and lawsuit scenarios, with the LegalHold policy of OSS, Alibaba Cloud allows securely storing data by preventing data from being deleted or tampered until a lawsuit is closed.
The compliant retention policies in OSS support the following features:
- Time-based retention policy: Users can set a time-based retention policy. After the policy is enabled, users can read data and upload data to a bucket, but cannot modify or delete data. After the object retention period expires, users can delete the object.
- LegalHold-based retention policy: If users are not sure of the specific retention period, they can set a LegalHold-based retention policy. When this compliance retention policy is set, users can read data and upload data to a bucket, but cannot modify or delete data. Authorized users can delete a LegalHold-based policy. When a LegalHold policy is deleted, the Bucket will no longer be in the WORM protection mode.
- Support for all storage types: The OSS compliance retention policies are applicable to all storage types. Even if a bucket is in the WORM protection mode, users can set a lifecycle policy to convert the storage type to reduce the actual storage cost.
The OSS compliance retention policies apply to all regions and are compatible with existing buckets. Currently, the WORM feature has been released for public beta in the Shenzhen region. You should give it a try now!