Cohasset Associates Assessment for Object Locking on MinIO

While MinIO is known for being a high-performance, cloud-native object store, the security of the system and the resilience of the data have always been paramount. From erasure coding, bitrot protection, object healing, WORM and sophisticated, performant encryption - ensuring data is safe - across a number a different vectors has always guided us.

Still, one feature we did not have was object locking and immutability. We remedied that several months ago and are pleased to announce we have now have a positive assessment from Cohasset Associates regarding our object locking capabilities and specifically regarding SEC Rule 17a-4(f), FINRA Rule 4511, and CFTC Regulation 1.31. Cohasset Associates is a management consulting firm specializing in records management and information governance and is the gold standard for the assessment of software to fulfill the exacting requirements laid out by the regulators.

A copy of the Cohasset Associates Assessment report can be downloaded in its entirety here. This can be shared with the appropriate regulator when storing data on MinIO. It details exactly how to configure MinIO to meet the requirements as well as detailed look at the logic underpinning the object locking features.

A favorable assessment from Cohasset is a requirement in highly regulated industries. Of particular note are financial institutions such as banks or broker dealers. They are subject to Rule 17a-4 issued by the Securities and Exchange Commission (SEC). Rule 17a-4 has specific requirements for electronic data storage, including many aspects of record management, such as the duration, format, quality, availability, and accountability of broker dealer record retention.

Cohasset validated that when MinIO’s object store is configured as recommended, it meets the relevant storage requirements of CFTC Rule 1.31(c)-(d), FINRA Rule 4511, and SEC Rule 17a-4 – meaning MinIO is perfect for those who need CFTC compliant object storage and SEC compliant cloud storage.

We targeted this set of rules because they represent the most prescriptive guidance globally for SEC record retention requirements for financial institutions. All of our financial services clients have expressed interest in this feature as they seek to expand their usage of MinIO. We encourage you to reach out to us with any questions. Drop us a note at hello@min.io or swing by the Slack channel. You can download the code here. If you are interested in the MinIO Subscription Network you can find our pricing here.