Compliance Vault settings ensures that data cannot be tampered with or deleted. In many industries, and especially regulated industries such as financial services and government sectors, organizations are required to store certain types of data in unalterable formats. CTERA Vault uses Compliance Vault technology to prevent editing, overwriting, renaming or erasing this data.
When a cloud drive folder is defined with Compliance Vault settings and added to the CTERA Vault, after an initial, optional, grace period, the contents of the folder can be protected from any attempt to change the folder content such as by renaming, moving, modifying, or deleting content for a specified retention period.
Any file in a folder in the CTERA Vault has the same settings restrictions when accessed by CTERA Edge filers, CTERA Drive Connect, and when accessed from an S3 Browser after the cloud drive folder is set up as a bucket, as described in Setting Up Access to Content Using the S3 API.
CTERA Drive Share/Protect (Agent) cannot sync content that is in the CTERA Vault.
Enabling CTERA Vault
CTERA provides a role, Compliance Officer and a permission, Manage Compliance Vault Settings that you use to manage compliance vault settings. The Compliance Officer role automatically has the Manage Compliance Vault Settings permission. You can also set the Manage the Compliance Vault permission for a Read/Write Administrator.
Only administrators with the Manage Compliance Vault Settings permission enabled can set up CTERA Vault on a folder.
To enable CTERA Vault:
- Make sure that the administrator has the Manage Compliance Vault Settings permission enabled.
For details, see Managing Administrator Users.
Setting Up CTERA Vault on a Folder
The Compliance Vaultsoption can only be defined when initially setting up the cloud drive folder.
To protect a cloud folder with CTERA Vault:
-
Select Global File System > Cloud Drive Folders in the navigation pane.
The Cloud Drive Folders page is displayed.
-
Create a new folder, click New
The New Cloud Drive Folder page is displayed.
NoteYou can also set up a cloud folder with WORM compliance enabled by clicking New in the Compliance Vaults tab, in which case the the Folder Type section is not displayed as the Compliance Vault option for the Folder Type is set automatically.
-
Complete the fields as described in Adding or Editing Cloud Folders without saving the new cloud drive folder.
-
If you are a Compliance Officerr or a Read/Write Administrator with the Manage Compliance Vault Settings permission enabled, described in Managing Administrator Users, select Compliance Vault for the Folder Type..
The Compliance Vault option can only be defined when initially defining the cloud drive folder.
-
Select the Compliance Vault tab.
-
Slide Compliance (Write Once Read Many) on.
-
Complete the compliance details:
Grace Period – The period of time before the compliance restrictions are applied.
Retention Mode – The level of compliance:- None – Files in the cloud folder, after the Grace Period, cannot be renamed or modified but they can be deleted by anyone.
- Enterprise – After the Grace Period and for the duration of the Retention Period, the Administrator with the Manage Compliance Vault Settings permission can permanently delete files. This mode is useful when the enterprise does not have external compliance regulations but wants to impose enterprise-wide regulations. In this case, compliance is enforced for everyone in the enterprise except for administrators with the Manage Compliance Vault Settings permission.
Note
An administrator with the Allow Files/Folders Permanent Deletion permission can permanently delete folder content with the Retention Mode set to Enterprise, even if the administrator does not have the Manage Compliance Vault Settings permission.
- Compliance – After the Grace Period and for the duration of the Retention Period no one can delete or make changes to files in the folder.
Retention Period – The period of time that Compliance Vault is applied. During this period files cannot be deleted.
-
Check the I Understand box.
-
Click Save.
Changing the Compliance Vault Details
Unless Compliance Vault in the Compliance Vault tab was enabled when the folder was created in the New Cloud Drive Folder page, compliance vault settings cannot be set for the folder. If Compliance Vault was enabled when the folder was created, you can edit the compliance vault settings.
To edit a cloud drive folder in CTERA Vault:
- Select Global File System > Cloud Drive Folders in the navigation pane.
The Cloud Drive Folders page is displayed.
- Click the Compliance Vault folder to edit.
The folder page is displayed with the folder name as the page title. - Edit the folder details.
- Click the Compliance Vault tab.
The compliance details are displayed.
- Edit the compliance settings:
Grace Period – The period of time before the compliance restrictions are applied. Changes to the Grace Period only apply to content added to the folder after the change. Existing content complies with the old setting.
Retention Mode – The level of compliance. The Retention Mode can be changed from None to Enterprise or Compliance and from Enterprise to None or Compliance but Compliance cannot be changed.
Retention Period – How long the compliance has to be applied. Changes to the Retention Period only apply to content added to the folder after the change. Existing content complies with the old setting. When the Retention Mode is Compliance Vault the Retention Period can be extended but not shortened. - Click Save.
The changes only apply to new files added to the cloud folder and not files that are already in the cloud folder.
Handling Deleted Files
Deleted files, set in the portal with Compliance Vault can only be removed from the storage using the storage life-cycle management.
Attempting to Break Compliance Vault Settings
If an attempt is made to change content that is in the CTERA Vault, an error is displayed and written to the audit log.
When the Retention Mode is set to Compliance Vault, when attempting to permanently delete content, the permanent deletion process will delete all the files marked for permanent deletion, including all previous versions of these files, until the first file that is in the CTERA Vault that cannot be deleted. The permanent deletion process will then stop.
Examples
- Attempting to delete a file:
- Attempting to rename a file:
Viewing Compliance Content Details
As an administrator with the Manage Compliance Settings permission you can display details of the content in the CTERA Vault.
When displaying the folder that has compliance set, clicking the 
icon displays content details as well as Compliance Vault details in a separate tab.
- For a single item, which includes the retention mode and when the compliance period ends:
- For multiple items:
CTERA Vault Log Entries
If an attempt is made to change content that is in the CTERA Vault, an error is written to the System log.
Attempting to rename a file in the CTERA Vault is logged as a Move operation.