Home > Data Protection > Data Protection (general) > Dell PowerProtect Data Domain Retention Lock > Security Officer Sign-On requirements
According to the SEC 17a-4(f) standard, the strictest requirement is to ensure that any actions that could compromise file integrity prior to expiration of the retention period can be only executed by deliberate physical destruction methods.
To meet this requirement, the RL-C provides a dual sign on capability which requires, in addition to the system administrator credentials, a second authorized person referred as the Security Officer, to complete certain administrative actions. This approach ensures that system tampering procedures which might compromise data stored under compliance are supervised by an additional layer of security.
It is possible to have multiple Security Officers configured on a system. Thereby, any one of the Security Officers can authorize commands on the system. When this configuration is used, the System Administrator must create first Security Officer role. This Security Officer can add further Security Officer roles or remove them as needed. If multiple Security Officers are configured, RL restricted operations only require authorization from one Security Officer.
The primary administrative actions that require Security Officer authorization are:
The following operations and system commands cannot be executed on a Data Domain system that has a RL-C license installed and enabled: