From estimates to invoices, the ability to process data via a computer system is an integral part of just about every business. Your customers expect that their information is always accurate and available.
Even where your clients are inclined to be more forgiving, the General Data Protection Regulation (GDPR) isn’t.
Accuracy, availability, etc. are the products of explicit endeavour and do not happen by accident. Nor are they beneficial side-effects attributable to running a particular operating system or application. When a computer system fails, a good backup strategy is your only guarantee that your business can recover and continue trading with the minimum of disruption.
A good backup strategy must be fit for purpose. Like an insurance policy, it must consider the assets requiring protection, their value, any risks to those assets and for how long protection is required.
Whilst the GDPR only values personal data, catalogues, order books, estimates, diaries, project plans, inventories, etc. are examples of important business assets that must also be protected from loss or damage.
Value your data
When it comes to estimating the value of data assets for inclusion in a backup, I find that a high-level course grained approach will suffice. My preference is to place the data in to one of the following categories.
Any data that has regulatory significance or cannot be recreated from other external sources.
Data without regulatory significance that can be recreated from other sources.
Data without regulatory significance that is either transitory in nature or its omission has no adverse impact on the performance of the business.
All High-value items must be protected, whilst everything else should be protected.
Having decided which data to protect, the next step is to identify any threat to the integrity of that data so that an appropriate backup mechanism and frequency can be selected. These will be specific to your circumstances, but in general High-value data that changes often will need a more frequent backup schedule.
In addition, safe (protected from fire, accidental or deliberate destruction and unauthorised access) on-site and off-site storage will be required for the backup media.
Duration of protection
Depending on the regulatory environment in which your business operates, there may be specific data retention requirements. In such cases, it’s not uncommon for back-ups to be kept for months or even years.
Finally, a good backup strategy must incorporate an element of testing where backups are routinely restored to a temporary area or system to ensure that they are useable.
An effective back-up strategy is an important part of any disaster recovery plan. As such, there should be a document that describes the approach used by your organisation to protect the data that is held within its computer systems.