CA Data Protection EOL – 9 Items To Consider When Selecting a New Vendor


Since the announcement of the End Of Life for Orchestria | DataMinder | CA Data Protection in June 2019 many compliance officers in the financial markets have started to lose some sleep.

The complexities of the migration are starting to sink in and the processes are proving to be much more complex than anyone had hoped for.

It’s important to understand how the decisions you are about to make will affect your company, the employees, the reviewers, the regulators, and the customers. Are you asking the right questions?

Here are 9 items to consider and questions to ask when assessing a potential vendor:

  1. Policy functionality: Do you have a Lexicon or Contextual-based Policy engine? Do you have an established conversion process to migrate existing Data Protection policies? What does your out of box Policy set consist of? Do you have the ability to connect to a Data Feed to allow for more dynamic Policy references (ex: the ability to reference an OFAC SDN list or a Watch List)? 

    This is proving to be one of the more expensive, time-consuming, and crucial areas in the transition process. Policy functionality varies greatly among systems therefore, the conversion and validation processes can be complex.

  2. What forms of communication can you monitor and/or archive? 
    Email, instant and text messages, social media, web? Are these content types captured in their original format or transformed into an email for archiving and surveillance processes?

  3. Do you offer a migration path for the supervision data currently stored in Data Protection? 
    Does this migration path also account for the metadata containing the supervision history?

  4. What’s on your Road Map? 
    Priorities are evolving rapidly. As the vendors themselves become more aware of the needs of compliance in the financial market they are adjusting their priorities for the front runners willing to invest in a particular direction.

  5. What technologies do you utilize? 
    Do you have API access for custom development and integrations? This helps identify growth potential and possible restrictions. Give big bonus points to anyone willing and able to give you programmable API’s. Technology and regulations are evolving so quickly this access will give you the ability to adapt as you need.

  6. Controls: Do you have the ability to block, warn, quarantine, redirect, encrypt, move, delete, replace, or monitor electronic communications?

  7. What are the Cost Projections? 
    Startup costs are a bit easier to forecast than the actual migration costs. Typically, the stricter your requirements are to perform a complete one-to-one migration of existing policies, functionality, and operating procedures, the higher the migration costs are going to be. If you are willing to look at resetting your processes, doing things differently, and utilizing more out-of-the-box controls, then migration costs are cut drastically. However, those ‘technical cost savings need to be weighed against the internal time needed to identify, structure, get buy-in, roll out, and document new processes. Take this as a good opportunity to look at what has been working well for your company and what can use some improvement. Don’t waste money on migrating a clumsy process but be careful not to settle for a process that increases your risk and exposure.

  8. What are your Reporting Options? 
    Do you offer Customizable and On-Demand reports? Overall the new reporting options on the market are impressive. Technologies like Kabana have made robust reports pretty standard on most of the platforms out there.

  9. What are your Support, Training, and Education options? 
    This is a major move. Your entire compliance operation procedures will have to be re-evaluated. It’s important in this uneasy climate to make sure you have a strong team supporting you!


Technically Creative has over 12 years of experience with the Orchestria / DataMinder / CA Data Protection product. Our goal is to provide information, support, and custom solution options to CA Data Protection customers during their EOL transition. Would you like more information? Contact us at