The purpose of enterprise data backup is more than just being prepared to restore data in the case of a catastrophic event resulting from weather or machine failure.
Data backup and recovery strategies must also meet company policies regarding regulatory requirements, data breaches, ability to respond to court orders, and more. These requirements go beyond just putting the data back the way it was before the disaster.
Company policies may have varying stipulations for retention and restore requirements from the different areas of responsibilities. For instance:
A company knows what regulatory bodies they must comply with. However, that coordination is not always formalized between the IT staff responsible for data back and recovery and the department responsible for the regulatory compliance. Regulatory compliance can become quite complex and is often changing. For instance, an organization may find that they must comply with HIPAA because they handle medical records on their employees or students, FFIEC because they handle money, and FISMA because they participate in government grants. Each regulatory requirement can have unique data recovery responsibilities that are being modified on a sporadic basis.
The Business Continuity department of large organizations is finding that their responsibilities have grown beyond people, facilities and information systems. The Business Continuity people are now approached with the responsibility of handling response, protection and recovery procedures if enterprise data is compromised. Data breaches are becoming more of a threat, both from a technical perspective and a reputation perspective. Data resilience is critical to the business regarding the increase in data breaches over the recent years.
An enterprise has the responsibility to be prepared to respond to court orders for information requests. In the case of litigation, the duty to preserve evidence can start with reasonable anticipation of litigation. As the litigation process proceeds, the data retention requirements may need to be dynamically altered from current standard company procedures.
Consider that data is not only to be backed up for protection of a catastrophic event, but, it also needs to be restored for many different purposes and meet varying requirements. This requires coordinated strategies and testing. Data Backup strategies must be planned and tested to assure all company requirements regarding data retention and recovery are met.
Consult with Data Backup and Recovery specialists, such as Salvus Data Consultants to ensure your organizations is taking into considerations all data recovery requirements.