4 | Conclusions
Cohasset assessed the capabilities of MinIO Object Storage, Release 172, when Object Lock mode is set to Compliance, in comparison to the five requirements related to the recording and non-rewritable, non-erasable storage of electronic records, as set forth in SEC Rule 17a-4(f) and its associated interpretive Releases. (See Section 1.3, MinIO Object Storage Overview and Assessment Scope.)
Cohasset determined that MinIO Object Storage, when properly configured, has the following capabilities, which meet the regulatory requirements:
-
⬤
Maintains record objects and certain record object metadata in a non-erasable and non-rewritable format for time-based retention periods, when a Retain Until Date is applied and the Object Lock mode is set to Compliance.
-
⬤
Prohibits deletion of a record object and its immutable metadata until the applied Retain Until Date has expired.
-
⬤
Allows a Legal Hold status to be applied to record objects subject to preservation requirements, which retains the record objects as immutable and prohibits deletion or overwrites until the Legal Hold status is cleared.
-
⬤
Verifies the accuracy and quality of the recording process automatically utilizing (a) advanced storage recording technology and (b) an MDS checksum that must be received from the source system. The MDS checksum is stored as a metadata attribute and utilized for post-recording verification.
-
⬤
Uses a unique combination of attributes to serialize each record object.
-
⬤
Allows authorized users to access the record objects and metadata with the S3 API for local reproduction or transfer to a format and medium acceptable under the Rule.
-
⬤
Regenerates an accurate replica of records and metadata (including index attributes) from redundant data, should data be lost or damaged. Alternatively, the Mirror functionality, provides continuous synchronization of record objects and associated metadata between source and destination Buckets, resulting in duplicate copies.
Cohasset also correlated the assessed capabilities of MinIO Object Storage, when Object Lock mode is set to Compliance, to the principles-based electronic records requirements in CFTC Rule 1.31(c)-(d).
Accordingly, Cohasset concludes that MinIO Object Storage, when properly configured and utilized to retain time-based records, meets the five requirements of SEC Rule 17a-4(f) and FINRA Rule 4511(c), which relate to the recording and non-rewritable, non-erasable storage of records. In addition, the assessed capabilities meet the principles-based electronic records requirements of CFTC Rule 1.31(c)-(d).