What are your backup, DR and data retention policies?


This article can also be found in the Premium Editorial Download "Storage magazine: Evaluating the benefits of IP SANs."

Download it now to read this article plus other related content.

What really matters?
An optimized backup environment delivers services that are aligned with the business requirements of the organization. This requires having both the capabilities and resources available to meet these service demands, as well as the policies and processes in place to apply these resources where appropriate.

In backup environments, an all-too-common approach is to define a set of policies based primarily on two attributes: retention and the frequency of full backups. Often, decisions about these aspects are based not on an understanding of business need, but rather on IT operational standards or a vague sense of what is generally believed to be acceptable.

That approach may not adequately meet the data protection needs of the organization. It would be far more useful to develop an approach to backup policy that ensures that resources and capabilities match business needs. Here's how to begin.

First, develop service objectives, a set of attributes around which a service is defined. An SLA is a written agreement between IT and a user for providing a set of services that have been defined by one or more service objectives.

Clearly, backup frequency and retention are important backup service objectives, but there are others (see "What's

Requires Free Membership to View

your objective for backup?" on this page) that merit some additional comments. Although "backup" is commonly used to refer to the entire backup/restore operation, users don't care about backup at all. Their real concern is restorability. Two attributes go to the heart of that concern: recovery time objective (RTO) and recovery point objective (RPO). Respectively, they answer the questions: "How fast can data be restored?" and "How current must that data be?"

Focusing on frequency and retention doesn't address those concerns. To establish RTO and RPO, gather and define requirements for your key applications. How well is the value of data understood within the organization? Many organizations are attempting to establish tiers of primary storage in which the most important data is placed on Tier One storage, and less important data place on more economical, Tier Two storage devices. The definition of RTO and RPO requirements for data can be thought of as one of the more important elements of this data classification process.

Another increasingly important service objective relates to historical data retention, also known as archiving. Archiving is different from the retention and expiration parameters of backup data. It's a point-in-time snapshot of selected data that is intended to be stored and retrievable for a significant period of time. Archiving is more about content than format, so it's often a completely separate process from backup, one in which selected content is dumped into a standard format for safekeeping. The renewed concern about regulatory compliance is driving a re-examination and modification of archive policies and procedures.


What's your objective for backup?
Backup frequency How often a file is backed up. Also related to the cycle of full/incremental backups
Retention period The length of time that a particular version of a file is available to be restored
Backup window The period of time available each day to complete backups
Recovery time objective (RTO) The acceptable amount of time from the start of the data recovery process until its completion
Recovery point objective (RPO) The acceptable time variance between the current time and the age of the data available to be restored
Off-site/Disaster recovery requirements Additional recovery requirements and considerations for disaster recovery scenarios, i.e., data dependencies, additional coordination requirements,etc.
Archival requirements Long-term data retention of historical data and related management requirements. Driven by business and regulatory demands
Special media considerations Additional requirements regarding media type, validation, refresh, etc.

This was first published in July 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: