Information Technology Reference
In-Depth Information
8.16.1
Business/Technical Drivers
Business and technical drivers behind backup/recovery include:
n
n
n
n
−
n
−
−
−
Organizational viability and survivability
Executive due diligence
Archival mandates (legislative or regulatory)
Balance between speed of recovery and risk avoidance
Speed of recovery drives the type and method of backup
Support for:
Business continuity or BC variation
Disaster recovery
Downtime tolerance (DTT) or recovery time objective (RTO) as deter-
mined by BIA
8.16.2
Compliance Requirements
Backup/recovery compliance requirements include legislation, regulatory require-
ments, concept of operations, and organizational policy. These compliance require-
ments should coincide with business drivers. Resulting services and mechanisms
support the execution of backup/recovery, the specifics of which exist in organiza-
tional standards, procedures, and guidelines.
8.16.3
Policy
Policies covering contingency planning and disaster recovery will address backup
and recovery. The business impact assessment (BIA) provides focus for policy
parameters (e.g., recovery time objective, downtime tolerance). These objectives
provide guidance for the appropriate selection of backup/recovery services and
mechanisms. Key policy attributes include roles and responsibilities, training
requirements, training, exercises, testing, BC/DR plan maintenance, etc.
8.16.4
Practice
Principles for managing data as business assets are in short:
do it
,
do it well
, and
do
it securely
:
n
Governance—Establish ownership or sponsorship for establishing data
requirements.
Includes adjudication when faced with contention over data access or
use
−
