It has been said that data is more valuable than oil. This is no different if you are a small business owner or the head of a global corporation. Data is an asset.
Losing data can be disastrous, not only from a business continuity perspective, but your market reputation can become severely damaged. In addition, there can be some pretty austere legal consequences, and worse, you may even go out of business.
What would you do if you lost all of your information? Here’s how to construct a reliable data recovery plan.
What Is Data?
In the simplest terms, data is unstructured unprocessed facts. When the data is processed, perhaps for a report, it becomes information. The key part of this word is ‘inform’. You process the data and restructure it to inform decision-making.
Not all data is equal. Some data is more sensitive than others.
There are different types of data:
- Public – think of this information you can take off a company’s website, phone numbers, addresses, and the like
- Confidential or Private – examples are Bank account details, Social Security numbers, and IRS details
- Secret – trade secrets fall into this group of data
- Top Secret – governments have top-secret data, for example, plans for times of conflict
Classifying data will help to set the correct recovery measures in place. For example, it is not as much of a disaster if you lose your customer mailing list for a few days as if you lost your patented product or service designs.
Where Is the Data?
You could say everywhere, but in truth, data stores itself on devices, locally or in the cloud. Systems and devices fail – fact! You craft a recovery plan to ensure that your business is not impacted any longer than it needs to be in the event of losing any of the different types of data.
What To Do if the Data Is Gone
Business ownership in today’s online, always-on world carries the burden of responsibility to customers and staff regarding data.
There is a legal and ethical obligation to take fit-for-purpose measures to protect data.
A data recovery plan is part of the company’s disaster recovery plan.
The plan establishes:
- Processes to follow in the event of data loss
- Roles and Responsibilities
- Internal and External Communication
- Reviews and Lessons Learnt
Any data incident will likely be subjected to an IT audit. However, it is essential to remember that the audit will also look at the supply chain and vendors.
Crafting a Data Recovery Plan that Works
We have already mentioned the types of data and what the plan should contain.
There are two essential considerations to use when creating the data recovery plan:
- Recovery Point Objective (RPO) – how long can the business be down
- Recovery Time Objective (RTO) – how far back can I go before the data loses all value
The business can do without the different data types for different periods and requires further action plans to get the benefits of asset recovery fully.
For example:
- Invoicing data loss at month-end requires a quicker restoration time than midmonth
- Losing staff banking details during the payroll run needs a shorter RTO. After all, no point in restoring data that is months old
When crafting the data recovery plan, take the time to group the data and work with stakeholders to see how long they can be without it. This will help build the processes to restore data, how long it will take, and how dated the restored data is.
A Competetive Advantage
Ensuring that your business is minimally impacted when data is lost and can limp during recovery is an underestimated advantage. Having a well-thought-out data recovery plan is innovative management.
Did you enjoy this data recovery plan article? Then continue reading other articles on our website.