
WORM Compliance Explained. Why Do You Need a WORM-Compliant Storage?


WORM (write once, read many) is a storage system concept. Developers designed it to protect information that an organization does not want destroyed or altered in any way. With WORM-compliant storage, you can transfer information to a storage device or cloud storage, but once the information is transferred, it cannot be changed.

WORM compliance also requires a second form of storage (at minimum) as a backup in case a drive is stolen or destroyed. Because WORM compliance demands that data be unalterable, in cases where access is necessary, that access is restricted to read-only. Keep reading to learn what WORM compliance is and how you can use WORM storage solutions.


    Legal Requirements and WORM Archiving

    SEC Rule 17a-4(f)

    WORM archiving is closely tied to a variety of legal requirements. SEC Rule 17a-4(f) sets regulations for brokers and dealers. They must have a storage system that is unalterable: it can be neither rewritten nor erased. Users must be able to easily access and read the data. Organizations often use WORM storage to adhere to this regulation.


    Another regulation that ties in strongly to the concept behind WORM storage is the Health Insurance Portability and Accountability Act (HIPAA), which focuses on privacy and protecting patients’ medical records. It gives patients full control of their medical records and sets clear guidelines about who can access the records, as well as the penalties if an unauthorized person accesses or shares medical information about a patient. Many organizations, and especially healthcare professionals, use WORM storage to ensure HIPAA adherence. One of HIPAA’s requirements is that certain parts of medical records are stored for a certain amount of time. WORM storage can be applied to ensure retention requirements are followed, meaning that no one can erase the information until a specified time.


    WORM compliance also plays a role in the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is designed to protect credit card information and ensure strong security for financial transactions. A central part of the PCI DSS is designed to prevent individuals from tampering with credit card data. When WORM storage is used to maintain the information, access to credit card and financial information is preventable.

    Why Do You Need Cloud-Based WORM-Compliant Storage?

    Many experts are currently emphasizing the importance of using cloud-based WORM-compliant storage. The cloud, which is now used in a variety of data contexts, was designed to make data accessible but not easy to lose. Rather than sitting on a single hard drive, data is stored as a service. Thanks to the cloud, if your computer crashes or gets stolen, you can still access all of your information, because it is stored in a location that is not tied to any single device. Being able to get to your files, photos, videos, and other information from almost any device is a standard in today’s business and professional world.

    The main concern with WORM-compliant storage is data loss. The only way to ensure you will not lose data is if you have at least two copies, one of which is stored in a completely different area. Using the cloud is the ideal way to avoid accidental data loss because you will be able to access the information from the WORM storage area on another device. Because WORM storage data often includes extremely important information — such as medical records or credit card information — it is vital to ensure that these types of critical data will not be lost.

    WORM-Compliant Cloud Storage Providers

    Amazon S3 and S3 Glacier

    Not all cloud providers offer WORM-compliant cloud storage, so research is crucial before deciding where an organization will store its data. For instance, Amazon S3 Glacier added a feature to its cloud a few years ago, called the Vault Lock Policy, with which a user can lock information so it cannot be overwritten or deleted until a certain time has passed. The main Amazon S3 storage class is also WORM-compliant; there the feature is called Object Lock. You can specify certain controls and the retention period before locking the information, and once locked, Amazon S3 and Amazon S3 Glacier will enforce the controls and preferences that you set.
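
A defender-side check for the retention settings described above, as an added example that is not part of the original article or any vendor's code: it audits bucket settings shaped like the S3 GetObjectLockConfiguration response. The retention mode names (`COMPLIANCE`, `GOVERNANCE`) are S3's own; the bucket names and the 365-day requirement are assumptions constructed for illustration.

```python
# Added example: offline audit of S3 Object Lock default-retention settings.
# Bucket names and the 365-day requirement are constructed for illustration.
REQUIRED_DAYS = 365  # assumed organizational retention requirement


def retention_days(default_retention):
    """Convert a DefaultRetention block (Days or Years) to days."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365


def audit_bucket(name, response, required_days=REQUIRED_DAYS):
    """Return a list of findings; an empty list means the bucket passes."""
    cfg = (response or {}).get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return [f"{name}: Object Lock is not enabled"]
    rule = cfg.get("Rule", {}).get("DefaultRetention")
    if not rule:
        return [f"{name}: no default retention, locking depends on each upload"]
    findings = []
    if rule.get("Mode") != "COMPLIANCE":
        # GOVERNANCE retention can be overridden with s3:BypassGovernanceRetention.
        findings.append(f"{name}: mode {rule.get('Mode')} is bypassable")
    days = retention_days(rule)
    if days < required_days:
        findings.append(f"{name}: {days}d retention is below {required_days}d")
    return findings


# Constructed samples; None stands for a bucket with no Object Lock configuration.
SAMPLES = {
    "records-ok": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 7}}}},
    "records-governance": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}},
    "records-norule": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
    "records-unlocked": None,
}


def audit_all(samples=SAMPLES):
    """Audit every sample bucket and map its name to its findings."""
    return {name: audit_bucket(name, resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for bucket, result in audit_all().items():
        print(bucket, "PASS" if not result else result)
```
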

    Azure Blob Storage

    In June 2018, Microsoft announced immutable storage for Azure Blob Storage to meet the legal requirements for retaining information that are listed above. Azure users can now store their data in a WORM-compliant state where blobs can be created and read, but not modified or deleted.

    WORM-compliant storage for Azure blobs supports time-based retention policies as well as legal hold policies: when the retention interval is unknown, you can set a legal hold that keeps the data immutable until the hold is cleared. WORM compliance policies are supported in all Azure public regions and apply to all blob tiers.



    Another provider that offers a WORM storage option is Wasabi. The company refers to its WORM storage solution as an immutability feature. Wasabi ensures that information on its cloud cannot be altered by anyone, and Wasabi programmers cannot influence the system without extensive testing.

    WORM-Compliant Cloud Storage Software


    There are also many WORM-compliant cloud storage software options available. One such cloud storage solution is Archive360, which works with the Microsoft cloud. It offers WORM storage capabilities, including the ability to set a specific period that information should be retained. Companies can transfer information from Office 365 to Archive360, and WORM-compliant storage is ensured.


    HubStor, another WORM-compliant cloud storage solution, also works with the Microsoft cloud. It provides a platform that has complete WORM capabilities.

    SnapLock by NetApp

    SnapLock by NetApp is WORM-compliant and functions along with application software, providing users with a way to store information so that it cannot be changed, similar to Archive360 and HubStor.


    The concept of WORM storage is vital to maintaining the privacy of important data, from health records to financial information. When paired with cloud storage providers, the WORM compliance concept becomes more advanced and more effective in protecting sensitive information.
