WORM Storage FAQ

William Shannon
William Shannon

WORM is an acronym for Write Once Read Many. It is similar to how data is stored in a Compact Disk (CD). In short, FINRA WORM refers to a specific regulation issued by FINRA related to WORM storage systems within the financial industry.  The Dropsuite product is built upon WORM principles, but there is also an option to enable a FINRA compliant WORM option if that is needed for your environment

Some features that were affected by FINRA WORM are the Data Protection Officer (DPO) and retention policy. Additionally, this FINRA configuration can’t be undone once it is activated.  To have the option enabled at the partner level, please reach out to our support team (support@dropsuite.com)


Activate FINRA WORM for Organization (After the option has been enabled by support at the Partner level)

  1. As a partner, log in to the portal.
  2. Go to the Organization page and find the Organization you wish to activate FINRA.
  3. Click on the organization to View Details.
  4. Go to the Features tab, and click the WORM Storage toggle.
  5. The system shows a confirmation popup, then click the Set Active button.
  6. Once successful, the system will show a success banner and lock the WOM Storage toggle because they can’t disable back configuration, and the DPO toggle won’t appear.



Can sub-resellers access WORM?
Yes, as long as the configuration is active.


Which partner roles can access WORM?
Partners with owner, super admin, and admin roles can access WORM.


I logged in to the partner portal but couldn’t find the WORM toggle. Why is that?
On GUI, the WORM toggle is only available for the Archiver SKU. However, backup and archiver SKUs generally use logical WORM storage that implements writing once and reading logic many times.

Please note that we have the backdoor on the Old Partner Portal to enable WORM for the backup SKU, but the initial requirement does not allow the backup SKU to have WORM storage by default.


I am unable to activate WORM and got this error message. What does it mean?

The above picture indicates that DPO is in an active state. To enable WORM, please disable the DPO feature first.


Why do WORM and DPO look contradictory?
One of the purposes of WORM is to maintain data integrity, so the deletion process that is performed by DPO is something that is not aligned with.


What are the advantages of WORM storage?
Data immutability: Once written, data cannot be altered or deleted, ensuring data integrity and compliance with regulatory requirements.

Secure archival: WORM storage provides a secure means of storing sensitive data for long-term archival purposes, protecting it from unauthorized access or tampering.

Compliance readiness: WORM storage solutions are often designed to meet regulatory compliance requirements, such as HIPAA, GDPR, or SEC Rule 17a-4, making them suitable for industries with stringent data retention policies.


What happen if we activate WORM on an existing Organization that has a DPO role?
After the DPO feature is disabled in the user interface, the DPO role will appear as User View & Restore, while in the database, it remains labeled as DPO


Is WORM applicable to email products only?
Yes. WORM storage is applicable only to email products.


Do the email retention settings apply to WORM?
Yes, email retention is applied and the data will not be available after the retention period. The system will show an error message when the user creates a retention policy with less than a 3-year retention period.


How does WORM work in an existing Organization with less than a 3-year retention period?
The system will automatically convert it to 3-year retention period.


While WORM is active, can I delete an account?
No. Archiver SKU only allows users to deactivate an account, not delete it, whether WORM is in an active state or not.


Can I request Dropsuite to remove certain accounts while WORM is active?
No, accounts can’t be deleted when WORM is activated. As it needs to comply with the WORM principles.

The WORM principle, which stands for Write Once, Read Many, means data can only be written once and then remains unchanged for reading. It shouldn't be altered or deleted. It's crucial for industries like finance and healthcare to comply with this principle to maintain data integrity and meet regulatory requirements.


How do we handle customer requests for WORM in non-US regions? Is there an explanation/solution for using them instead of WORM?
The way we do WORM is logical. It is built into our solution. There is no need for any special request.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request