Backup and business continuity plan

A backup means a copy of one or more electronic files created as an alternative in case the original data or system are lost or become unusable (for example, in the event of a system crash or corruption of a disk). It is important to note that backup differs from archival in that backup copies of electronic records are typically only temporarily stored for the purposes of disaster recovery and may be periodically overwritten. Such temporary backup copies should not be relied upon as an archival mechanism.
Backup and recovery processes must be validated.


The 3-2-1 Backup Rule – An Efficient Data Protection Strategy

Backups ensure that your critical data will survive any of the likely hazards.

For a one-computer user, a backup strategy can be as simple as copying all important files to another device – or, ideally, several devices – and keeping them in a safe place. However, for multiple computer systems, things can be much more complicated, especially when it comes to virtual environments containing thousands of virtual machines. In these cases, a comprehensive data protection plan may includes the 3-2-1 backup rule.

The 3-2-1 Backup Rule

The 3-2-1 backup rule is an easy-to-remember acronym for a common approach to keeping your data safe in almost any failure scenario. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite. To clarify, let’s take a look at each point of this rule.

Keep at least three copies of your data

Even a trivial event, such as a fire alarm triggering the sprinkler system could literally wash all your data away. Countless other incidents could bring about the same outcome – for example: theft, fire, a disgruntled employee exacting revenge for imagined slights, or the vandalism of a rioting mob. Therefore, having one backup isn’t enough, especially if it is stored on the same premises as the primary data and on the same type of media. Obviously, the more backup copies you have, the less chance you have to lose all of them at once. Thus, the 3-2-1 backup rule states that you need at least three copies of your data, meaning the primary data and two backups of this data.

Store two backup copies on different devices or storage media

We must remember that any storage device will fail sooner or later. Hard drives fail over time, whether because of a defect or simply wearing out. Two devices of the same type have a much greater risk of failing around the same time than two devices of different types or two different storage media. Thus, the 3-2-1 backup rule says that if you keep your primary data on an internal hard drive, store your backup copies a different way – for example, using an external hard drive, optical disks, digital tape, or the cloud. A good alternative is using a Network Attached Storage (NAS), which is a smart hard disk box you can attach directly to your network and use to store your important data in a resilient and redundant format. NAS devices act independently from the rest of the infrastructure they are attached to and stay accessible for data retrieval, should your infrastructure go down.

Keep at least one backup copy offsite

As it is obvious that a local disaster can damage all copies of data stored in one place, the 3-2-1 backup rule says: keep at least one copy of your data in a remote location, such as offsite storage or the cloud. If you want to protect your data from disasters, which might strike large areas, “remote” should mean as far away as possible, i.e., in another city, state, country, or even continent.

While storing one backup copy offsite strengthens your data security, having another backup copy onsite provides for faster and simpler recovery in case of failure.




Business continuity plan. A written plan that is documented and maintained that defines the ongoing process supported by management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and recovery plans, and ensure the continuity of services through personnel training, plan testing and maintenance.