Backup and Recovery Policy Template

Planning Considerations

CIOs, CSO's, Disaster Recovery Managers, and Business Continuity Managers constantly are working to improve their recovery point objective (RPO) and recovery time objectives (RTO) by performing fast, non-disruptive backups, and data restoration. All comprehensive data protection solutions involve many considerations and contingencies.

• Accidental or malicious deletion of critical data - Requirement that provides the ability to quickly and easily restore individual files and folders.
• Data that is lost or corrupted over a period of time - Requirement to roll back individual records to fix  database corruptions. The ability to recover data from any previous point in time, and have it as granular as possible.
• A crashed disk - Requirement to recover a disk volume is different than recovering a single file, but it should be done just as quickly, and with automation to help keep operational disruptions to a minimum.
• A server failure - Requirement to restore operations when replacing a broken server may be complicated by the need to install different drivers on the new system if the hardware is not an exact match. It helps to have the capability to move the application workload to a standby server (with different hardware) or virtual server while the system is being replaced or repaired.
• A local or regional disaster - Requirement when you lose an entire office to fire, flood, or other disaster, have a current copy of your important information in another location that is outside the disaster zone.
• Remote offices and branch offices - Requirement  to have a process in place to restore with minimal technical support as remote and branch offices often do not have the luxury of having an on-site technical resource to assist in backups and restores.
• Resource-intensive backup processes - Requirement frequent or even continuous backup that is not resource-intensive .
•  Security breaches - Requirement to secure data. When moving data between sites, it needs to be protected from potential security breaches. A breach of data security, whether actual damage is done or not, can be devastating to your company's reputation, as dozens of large enterprises and government agencies have found in recent years.

Sample Policy

The Backup and Backup Retention policy is an 18 page sample policy that is a complete policy which can be implemented immediately. 

The document is provided in both Word 2003 and MS WORD format and is easily modified.  This policy is included in the Disaster Recovery / Business Continuity Template.

Below is a table from the policy:

Data Deduplication - Cost Savings Potential

It is estimated by some that corporate data has grown by 25% in 2009 after several years of increases at two to three times that rate. When you combine this with flat to decreasing IT budgets, something eventually has to give. Companies are now forced to make a choice. They will have to either keep buying more storage - which means other budgeted items go unfunded -and deal with the increased operating costs associated with managing more devices, such as power, cooling, and data center space or reduce the amount of data retained, which could impact compliance, recovery service level agreements, and business intelligence initiatives. Data deduplication approaches offer IT a hybrid alternative, which is to remove redundant content before it is ultimately stored - eliminating most of the downstream negative effects, which capacity would cause.

The gains in capacity savings provide customers with much more optimistic outcomes, such as the ability to retain more “virtual” and true information online for longer periods, dramatically lowering the operating impact of supporting that data and enhancing data protection operations with disk. These outcomes can lead to huge downstream financial benefits, such as moving corporate archives from tape to disk to assist corporate counsels in responding to electronic discovery requests.

For example, in a survey, approximately 60% of U.S.-based trial attorneys reported having cases that raise electronic discovery issues. Of that group, over 86% have issued or received a discovery request for electronically stored information since the new Federal Rules of Civil Procedure went into effect in December 2006. Corporate counsels need to quickly be able to run searches against centralized online archives in order to facilitate early case preparation and potentially avoid legal expenses because of reaching a settlement prior to trial.

Mounting financial and legal liability risk

Recovery and restore failures lead to serious financial and legal risk. The risk increases if there are no organizational retention policies with thorough organizational carry through. IT admins are by their nature, pack rats. They want to keep everything just in case. This leads to backups being stored for years, even decades. This increases potential legal liability. If there is litigation, a potential legal hold can be placed on any or all data that might be pertinent to the lawsuit. This can mean years of backups. Every bit of that held data must be searchable. To be searchable it has to be recovered and restored. If it cannot be recovered and restored, the judge will, based on precedent, tell the jury to regard that failure as data that would be detrimental to their case. Data retention without consistent practiced policies of data destruction leads to massive liability risk.

Urgent Data Protection Recovery and Restore Problems

• Inability to recover and restore data when it's required
• Data recovery and restore takes longer than required RTOs
• Too complicated recovery and restore processes that increase errors
• Storage snapshot recovery and restore issues
• Mounting financial and legal liability risk
• Missed data protection windows
• Inadequate protected data versioning
• Insufficient data protection RPO granularity
• Too many data protection errors
• Data protection as well as Business Continuity and Disaster Recovery (BC-DR) TCO is much too high

Long Term Data Retention

Long-term data retention includes weekly, monthly or other long-term backup, primary backup copy of data, off-line copy of static or fixed content data, archive and strategic data preservation. The emphasis is on low cost, long-term durability, compatibility, and energy efficiency for lengthy data retention. Tape is leveraged as a high performance bulk storage medium to off-load the disk cache, boosting the effectiveness and utilization of disk-based systems. From a green and economic efficiency standpoint, data staged off-line to tape consumes no energy while enabling exceptional performance during bulk restore operations. The combination results in both very green and economically efficient storage in addition to supporting business sustainability and enabling compliance.

Tape versus Disk for Data Retention

A tape copy operation may be made locally and then physically transported to another location for safe off-site storage, or data may be replicated as part of the backup and data protection process to a remote VTL or tape library where a removable tape copy is made. Hybrid solutions also leverage diskto- disk locally with snapshots or other point-intime copies that are then replicated to another location or to a cloud-based storage managed service provider (MSP). Data and network bandwidth optimization techniques and technologies, including compression and deduplication among others, enable more data to be moved on available networks or to reduce networking requirements.