What your DR plan should protect


This article can also be found in the Premium Editorial Download "Storage magazine: What to do when storage capacity keeps growing."

Records-retention policy update

It's important to regularly update your company's records-retention policies to identify any missing records that need to be protected in case of a disaster. A business record is defined as any information that's recorded or stored by graphic, electronic, mechanical or other means and contains evidence of business-related activities, events and transactions with ongoing business, legal, compliance, operational or historical value. This definition is based on the record's content, not its format or recording media.

Your company's general counsel can become a strong source of support for a policy update project, and may provide budget dollars and resources to get it done. The records-retention schedule generally lists required records by business function or department, and the update process should include structured interviews with representatives from these groups. The interview process should update the list of paper records created and retained, and identify the types of electronic records used or retained by each group.

You should also take the opportunity to identify documents and data sets that need special privacy protection or security measures during emergencies. The disaster recovery plan will need to support these special requirements.

Assessing the situation

Your approach to DR planning will depend on whether or not you have a DR plan and when it was last updated. If you have a DR plan, you need to determine whether it is:

  • Covering only a small part of the critical data, and addressing only a few of the likely threats and risks.
  • Current but very expensive, placing all data on the highest cost storage tier and replicating it locally and remotely for rapid recovery in almost any failure scenario.
  • Current, cost-effective and based on a clear set of data classifications, as well as appropriate levels of protection and replication for each class.

If your company doesn't have a DR plan, or it covers only a fraction of the critical data and addresses a limited number of likely threats and risks, your first steps are to determine what data needs to be protected and to define the business requirements for protecting and recovering that data. Once this is done, you can then decide what technical and procedural steps you can take to provide the needed protection and recovery capabilities. These include the following:

Establish record types and business requirements. To ensure you understand what data is most critical for business recovery, start with a review of the legal, regulatory and operational requirements for records retention, protection and availability. A review of your company's official records-retention schedule will ensure that you address the full range of records and data the company must create and retain. If the retention schedule is incomplete or out of date, you may need to work with your legal and compliance teams to update it so that it covers important electronic records in addition to paper documents (see "Records-retention policy update").

This was first published in June 2006
