Henrik Dolle - Fotolia
To ensure that data backup activities are consistent with good practice and relevant standards and regulations, periodic audits are important.
Audits ensure you're performing backups regularly using good backup practices, your backup systems and storage resources perform correctly, and you're following all relevant controls. If the organization has policies and procedures in place regarding data backup and recovery activities, audits provide evidence to senior management, as well as external organizations -- regulators, key customers and stakeholders, for example -- that the organization conducts its data protection programs properly.
It's best to have a backup and recovery audit checklist of items, like the one below, to make certain you're taking care of everything. You don't want to leave anything out when it comes to the mission-critical task of backup and recovery.
When preparing for a backup and recovery audit, you must address several important factors.
First, identify the backup and recovery controls that you must likely audit. If you use an internal or external auditor, ensure the audit team knows how to audit IT systems. Determine which IT department team should support the audit. Establish a work area for the audit team. Secure a variety of documents, reports and other information as evidence for examination by the auditors.
The following backup and recovery audit checklist itemizes the various controls that might be audited. This way, you can be prepared for most audit requests. In the end, this work helps facilitate the timely completion and delivery of the audit report.
When going over your backup and recovery audit checklist, err on the side of more evidence, rather than less. More audit findings means more remediation work once the audit report has been approved and published. Your organization will likely circulate the audit report to senior IT and corporate management, so plenty of relevant evidence goes a long way.
Dig Deeper on Data backup security
Related Q&A from Paul Kirvan
A remote access VPN connects remote users from any location to a corporate network. A site-to-site VPN, meanwhile, connects individual networks to ... Continue Reading
Network managers and users might opt to set up two VPN connections at the same time, from the same remote device. But that might not be possible -- ... Continue Reading
Risk assessments help identify and, more importantly, prioritize activities an organization needs to address its most serious threats and ... Continue Reading