Companies spend a significant amount of money investing in technologies meant to manage business-critical data, yet fail to accomplish basic levels of backup and restore efficiency. The backup and restore
In addition to setting objectives, companies should conduct frequent assessments of their business continuity programs to ensure they stay aligned with a changing environment. The following is a list of questions that can assist a company in doing a self-assessment of their data protection risk.
The questions are designed to suggest critical components of a best practices business continuity program. Collectively within your IT organization you should be able to provide detailed answers to all the questions outlined below.
Data protection risk analysis self-test
1. Does your organization have a documented
business continuity program and an executive or corporate group responsible for overseeing the
2. Does your business continuity plan include key contacts, vendor locations, alternate site information and disaster classification criteria?
3. Do you routinely test your business continuity plan and review and update the documentation? How often?
4. Have you identified and documented all the critical activities your organization performs in support of your business?
5. Is your strategy based upon an environmental or technological event that negatively impacts multiple geographic areas? Does it have a significant impact on your organization and its resources?
6. Do you have a secondary site for business continuance in the event of a wide-scale regional disruption? If so, are your primary and secondary sites active-active or active-passive?
7. Is your secondary site at least 200 miles from your primary site?
8. Does your secondary site depend on the labor pool or infrastructure components (transportation, telecommunications, water supply, electric power) from your primary site?
9. Are you able to recover within a pre-defined window (number of hours) of a significant negative event?
10. Do you test your business continuity plan with external business partners and counterparties to assure compatibility of business continuity strategies within and across critical markets?
11. Does your organization have a defined data classification policy in which applications and associated data sets are classified by their business importance? Do you have a separate recovery strategy for each data classification type (tape, disk, remote replication and so on)?
12. Do you currently utilize remote disk replication for your business-critical data? If so, do you implement multiple hops to prevent a "rolling disaster"?
13. Do you currently stream backups directly offsite?
14. Has your organization recently performed a backup yield analysis to determine the overall success of your backup strategy? Do you have the proper tools in place to give you visibility into your backup environment to ensure your organization's backup yield is meeting your objectives? Is the data backed up within window? Is the backup complete?
15. Do you have a plan in place to recover from data corruption?
About the author: As vice president of professional services at StorageNetworks, Inc., Donna Williams is responsible for service development, and delivery of consulting and training services. Donna has more than 18 years of experience in information systems and has held positions at IBM and the DuPont Company.
This was first published in January 2003