Commvault offers two types of WORM functionality: WORM storage lock and compliance lock.
WORM Storage Lock
You can use the WORM storage lock option for both deduplicated and non-deduplicated data in disk libraries. WORM storage lock provides data security at the physical (hardware) level.
Notes
-
Do not enable WORM storage lock at the backend systems or applications, other than those specified in Configuring WORM Storage Lock.
-
If you enable the WORM storage lock, the compliance lock is automatically enabled. Also, you can enable only the compliance lock.
Compliance Lock
Compliance lock is a security control that provides protection from destructive tasks such as deleting backups, storage, apps, servers, and backup destination copies, and reducing retention for disk storage vendors within the CommCell Console interface. You can enable the compliance lock at the storage level, and all associated backup destination copies will be locked and protected.
Compliance lock provides data security only at the software level (within the Commvault user interface) by protecting data against rogue users that use compromised credentials.
The combination of WORM storage lock and compliance lock features results in immutable backups that neither the storage administrator nor the Commvault administrator can delete.