Backup and Recovery Tip: Determine Backup Policies and Procedures

May 8, 2015

Creating a backup policy is one of the most important things you can do for your data security plan. Optimized backup policies and procedures will save your organization time and money by bringing backup and recoverability in line with actual requirements. They will also ensure a smooth recovery process in the event of a hard drive failure, virus attack, or natural disaster.

In the clip below, Symantec explains the importance of determining backup policies and procedures in order to make the backup process more efficient:

Backup policies and procedures vary according to the needs of an organization and industry, however, there are certain elements of the data backup and restore process that every company should identify:

• What data should be backed up
• Who can access backups
• When to back up your data
• What types of backups are required
• Where to backup data

Determine What Files Should Be Backed Up:  

One of the first things to identify when creating a backup and recovery strategy are the files your business absolutely cannot afford to lose. Pay close attention to the files that are important to running the business on a daily basis. Files that include financial data, property and tax information, personnel records, and marketing and sales data are particularly important for businesses to protect.

Determine Who Can Access Backups:  

It is also important to identify the people within your business who will have access to the backups.  While it is ideal to have as little human interaction with the backup and recovery as possible, it is necessary to appoint someone to be responsible for running the backups, monitoring the success or data stored, and be the contact for data recovery.

Determine How Often to Backup:

Your backup policies and procedures should also establish a clear and documented backup schedule. This schedule should depend on what your business does and how important your data is. Each database or file type may need to be backed up at different time frames, such as daily, weekly, or monthly. It also important to determine what time of the day the backup takes place, during business or after, so that business operations can cooperate accordingly.

What Type of Backups are Required:  

When creating your backup policies and procedures, it is also important to determine which backup type is best suited to your organization’s needs. The three basic types of backup include:

• Full backups, which makes a copy of all data to another set of media, including tape, disk or CD. This is the simplest form of backup, but it is also the most time-consuming and space-intensive.
• Incremental backups, which only copies the data that has changed since the last backup operation. This method takes the least amount of time and media of all the backup methods.
• Differential backups, which backs up all selected files that are new and changed since the last full backup. This method requires more space and time than incremental backups, but enables a faster restore.

Be sure that your policies and procedures identify which one your organization will use on a regular basis.

Where to Back Up Data:

Before writing your policy, you need to decide if you are going to use physical, cloud, or both for backup.  Keep in mind that some of your critical data may very well need to be backed up via multiple methods.

Once you have established the backup policies and procedures for your organization, it is important to document, test, and evaluate them periodically.

Does your organization’s security comply with industry standards? Dewpoint can assist in assessing where an organization’s overall security posture is through a security assessment. The first consultation is free! Contact us to learn more.