: The core of the rule requires records to be stored in a format that cannot be edited or deleted during the retention period.
: While some records require shorter retention, a robust D3P service typically ensures full seven-year access to all data to meet the most stringent FINRA and SEC timelines. Six Features a D3P Needs to Make the Cloud 17a-4 Compliant
: Since data in the cloud is technically "live" and modifiable, a D3P must create a separate, compliant secondary copy of that data to ensure its integrity. : The core of the rule requires records
: The D3P must provide four specific documents to prove compliance: A Service Level Agreement (SLA). The 17a-4 Third Party Storage Provider Letter. The 17a-4 Broker-Dealer Letter. A formal Disaster Recovery procedure outline. : The D3P must provide four specific documents
To bridge the gap between standard cloud storage and strict regulatory requirements, a D3P must offer six essential features: