Companies spend a significant amount of money investing in technologies meant to manage business-critical data, yet fail to accomplish basic levels of backup and restore efficiency. The backup and restore process is often considered a secondary operation, but is one of primary importance to a sound data protection strategy. The concept of backup is simple -- but executing appropriate, efficient backups and restores in today's complex computing environment is one of the most daunting tasks faced by IT staffs. Companies must ensure that backup and restore offerings meet business-based recovery objectives and are architecturally compatible with existing and future technologies, all while remaining in budget.
In addition to setting objectives, companies should conduct frequent assessments of their business continuity programs to ensure they stay aligned with a changing environment. The following is a list of questions that can assist a company in doing a self-assessment of their data protection risk.
The questions are designed to suggest critical components of a best practices business continuity program. Collectively within your IT organization you should be able to provide detailed answers to all the questions outlined below.
Data protection risk analysis self-test
1. Does your organization have a documented business continuity program and an executive or corporate group responsible for overseeing the program?
2. Does your business continuity plan include key contacts, vendor locations, alternate site information and disaster classification criteria?
3. Do you routinely test your business continuity plan and review and update the documentation? How often?
4. Have you identified and documented all the critical activities your organization performs in support of your business?
5. Is your strategy based upon an environmental or technological event that negatively impacts multiple geographic areas? Does it have a significant impact on your organization and its resources?
6. Do you have a secondary site for business continuance in the event of a wide-scale regional disruption? If so, are your primary and secondary sites active-active or active-passive?
7. Is your secondary site at least 200 miles from your primary site?
8. Does your secondary site depend on the labor pool or infrastructure components (transportation, telecommunications, water supply, electric power) from your primary site?
9. Are you able to recover within a pre-defined window (number of hours) of a significant negative event?
10. Do you test your business continuity plan with external business partners and counterparties to assure compatibility of business continuity strategies within and across critical markets?
11. Does your organization have a defined data classification policy in which applications and associated data sets are classified by their business importance? Do you have a separate recovery strategy for each data classification type (tape, disk, remote replication and so on)?
12. Do you currently utilize remote disk replication for your business-critical data? If so, do you implement multiple hops to prevent a "rolling disaster"?
13. Do you currently stream backups directly offsite?
14. Has your organization recently performed a backup yield analysis to determine the overall success of your backup strategy? Do you have the proper tools in place to give you visibility into your backup environment to ensure your organization's backup yield is meeting your objectives? Is the data backed up within window? Is the backup complete?
15. Do you have a plan in place to recover from data corruption?
About the author: As vice president of professional services at StorageNetworks, Inc., Donna Williams is responsible for service development, and delivery of consulting and training services. Donna has more than 18 years of experience in information systems and has held positions at IBM and the DuPont Company.