How to archive old UIM alarms offline

Article ID: 411921

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

Customers may need to archive old alarms/alerts offline or into another system for purposes such as:

  • Monitoring Governance
    • alarm message body reduction (purging old alarms)
  • Analysis
  • Reporting
  • Safekeeping
  • Future reference
  • Adhering to compliance regulations.

Although UIM itself is not an archiving and compliance system, there are suggested best practices that can be followed for offline archival.

Environment

  • Any version
  • Industry-dependent

Cause

  • Guidance

Resolution

Archiving old alarms for compliance requires establishing a data retention policy, securely exporting the data, and using a compliant, tamper-proof archival system. The specific steps will vary depending on industry regulations and the system you are using.

  1. Define your data retention policy
    First, consult your legal and/or compliance teams to define a clear alarm data retention policy based on industry regulations and/or internal governance. Key elements include:
    • Retention period: Determine how long you must keep alarm records, which varies by industry. For example, financial services have strict rules, while healthcare (HIPAA) often requires a minimum of six years.
    • Data integrity: Specify how you will maintain a "complete chain of custody" for the data to prove it has not been altered or deleted outside of policy.
    • Data access: Establish who can access archived alarm data and for what purposes, using role-based access control to maintain security.
    • Archival criteria: Define the necessary conditions for when an alarm should be archived, such as after a specific time period (e.g., 60 days for active alarms, 30 days for inactive ones) or when the alarm status has been cleared, and so on.

  2. Export alarm data from the original system
    Use the alarm management system's built-in tools or APIs to export historical alarm records.
    • Database query: Extract data from the database where your alarms are stored. If using a common format, you may be able to use a custom script to automate the process.
    • Built-in export function: Some systems have an "Archive Alarm Provider" designed to export records to external relational databases.
    • Specific tool export: If using a specific product, follow the vendor's instructions. For example, some systems provide a procedure for backing up alarms into a compressed file, e.g., sql.gz.

  3. Choose a compliant archival system
    Select a secure and reliable system for long-term storage that meets your compliance requirements. A compliant archiving solution should have the following features:
    • Immutable storage (WORM): Use a storage type that is "write once, read many," where data cannot be changed after it is saved.
    • Encryption: Data should be encrypted both while at rest (in storage) and in transit (during transfer).
    • Tamper-proof audit logs: The system should automatically log all actions, including deletions and access, with a complete, tamper-proof audit trail.
    • Reliable retrieval: The archived data must be easily searchable and retrievable for audits or investigations.
    • Automated lifecycle policies: The system should automate retention and disposal workflows according to your defined policy to reduce human error.

  4. Transfer and import the data
    Move the exported data from your original system to your new archival system and verify its integrity.
    • Secure transfer: Transfer files using a secure protocol such as SFTP or SCP.
    • Integrity check: Perform checksums on the data after the transfer to ensure it was not corrupted.
    • Import into archive: Load the exported alarm data into the new archival system's database or storage repository.

  5. Validate and monitor the archive
    After the initial archival process, implement a regular monitoring schedule to ensure ongoing compliance.
    • Conduct regular audits: Routinely audit the archived data to validate that it adheres to your retention policies.
    • Automate monitoring: Use a dashboard tool, e.g., Grafana, to monitor the status, errors, and growth of your archive.
    • Log archival actions: Log all archival actions to a Security Information and Event Management (SIEM) system for traceability.
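
The integrity check in step 4 and the chain-of-custody requirement in step 1 can be combined in one manifest, shown here as an added example that is not part of the original article or any UIM tooling. The function names, the file name and the HMAC key are assumptions made for illustration; the key is assumed to be held outside the archive so that a manifest stored next to the data cannot be silently regenerated.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large exports need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(export_dir, key):
    """Hash every file under export_dir and seal the list with an HMAC."""
    root = Path(export_dir)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_manifest(archive_dir, manifest, key):
    """Return a list of findings; an empty list means the copy matches the export."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return ["manifest: HMAC mismatch, manifest itself was altered"]
    root = Path(archive_dir)
    findings = []
    for name, digest in manifest["files"].items():
        target = root / name
        if not target.is_file():
            findings.append(f"{name}: missing")
        elif sha256_file(target) != digest:
            findings.append(f"{name}: checksum mismatch")
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    findings += [f"{n}: not in manifest" for n in sorted(present - set(manifest["files"]))]
    return findings

def demo():
    """Constructed sample: a fake export is copied, then one byte is changed."""
    key = b"constructed-demo-key"  # assumption: the real key lives outside the archive
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        Path(src, "alarms_2024.sql.gz").write_bytes(b"constructed alarm export")
        manifest = build_manifest(src, key)
        copy = Path(dst, "alarms_2024.sql.gz")
        copy.write_bytes(Path(src, "alarms_2024.sql.gz").read_bytes())
        clean = verify_manifest(dst, manifest, key)
        copy.write_bytes(b"constructed alarm exporT")  # simulate corruption or tampering
        return clean, verify_manifest(dst, manifest, key)
```

Build the manifest on the source system before the transfer and run the verification on the archive side after the import; the findings list is also a natural record to forward to the SIEM mentioned in step 5.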