Another essential tool for information security is a comprehensive backup plan for the entire organization. Not only should the data on the corporate servers be backed up, but individual computers used throughout the organization should also be backed up. A good backup plan should consist of several components.
• A full understanding of the organizational information resources. What information does the organization actually have? Where is it stored? Some data may be stored on the organization’s servers, other data on users’ hard drives, some in the cloud, and some on third-party sites. An organization should make a full inventory of all of the information that needs to be backed up and determine the best way to back it up.
• Regular backups of all data. The frequency of backups should be based on how important the data is to the company, combined with the ability of the company to replace any data that is lost. Critical data should be backed up daily, while less critical data could be backed up weekly.
• Offsite storage of backup data sets. If all of the backup data is being stored in the same facility as the original copies of the data, then a single event, such as an earthquake, fire, or tornado, would take out both the original data and the backup! It is essential that part of the backup plan is to store the data in an offsite location.
• Test of data restoration. On a regular basis, the backups should be put to the test by having some of the data restored. This will ensure that the process is working and will give the organization confidence in the backup plan.
Besides these considerations, organizations should also examine their operations to determine what effect downtime would have on their business. If their information technology were to be unavailable for any sustained period of time, how would it impact the business?