A key component of BC/DR planning is backing up critical systems, data, databases and other relevant company information to a safe and secure location. You should perform a backup test frequently to ensure you can bring your backed up data and systems into production if your primary data and systems have been disrupted or damaged.
One of the most important things you can do if you have business continuity and technology disaster recovery plans is to periodically test them. Most experts advocate for testing at least once annually and whenever there's a substantive change to the business or technology infrastructure. However, certain elements of backed up assets necessitate more frequent testing.
When planning for your backup test, consider the following criteria:
- the criticality of the system, data, database and information;
- the likelihood of needing the data in an emergency;
- how quickly the system and data will need to be recovered in an emergency;
- the data backup technology and methodology; and
- the location of the backed up system or data.
You are more likely to need quick access to mission-critical systems and data in an emergency situation than less critical information assets. As such, these assets will need to be more up to date than other, less time-sensitive assets, and they will also need a more frequent backup test schedule.
Among the criteria listed above, the first three are the most important when determining how frequently you should perform a backup test. The remaining two criteria are also important, as they will determine how quickly backups can be recovered and activated in an emergency. Advances in backup and storage technology ensure that an organization can quickly access backups in emergencies.
This article is part of
Location is especially important if your backups are stored on site or remotely using a third-party service. Noting that access to third-party cloud backup resources is via the internet, the speed of recovery should be no different than on-site backups.
A model backup testing schedule
Let's examine a way to decide the frequency of your backup testing. First, you need to delineate the assets you are backing up; for example, systems, virtual machines, data files, databases, archival data, legacy systems and data, and system and network operation files.
Next, establish a table with the following values:
- Criticality of asset: 1 -- low -- to 5 -- extremely high. Include the likelihood of using the asset and the speed of recovery in this metric.
- Type of asset: application, virtual machine, data file, database, archival data, legacy assets, system and network files, non-electronic assets -- e.g., hard copies.
The table above provides a suggested frequency for asset backup testing. This will naturally vary among organizations based on the criteria listed above, company policies, IT department policies and other factors.
Dig Deeper on Data backup security
Related Q&A from Paul Kirvan
A strong data protection strategy must follow applicable standards and regulations to protect data and comply with privacy laws. What are some key ... Continue Reading
A major element in maintaining business continuity during a pandemic is taking care of employee health. Pandemic-specific planning must be a part of ... Continue Reading
This backup and recovery audit checklist offers a comprehensive group of controls and evidence examples to get you ready for the important process of... Continue Reading