Checklist for developing an effective Data Retention Policy

Online Data Backup

Part 3: In our previous two areas of this series, we examined the history of information retention policies as well as the business and law that dictate what underlying issues you face when writing your data retention policy.

In part two, we took a look at the challenges that different industries face when considering what data to maintain as well as how long. Although each company has different requirements, the normal thread to each data retention policy is that your information is everywhere. Encompassing everything might be nearly impossible although this checklist isn't exhaustive; it’s a great foundation for any data retention policy. Combined with an innovative data backup system, you’ll rest easy knowing your information and facts remains safe and secure and simply recoverable.

On this final installment, we provide a data checklist and things to ask when setting your policy.

To start, assess that which you have. Your corporation has many categories of data that you'll be considering within your data retention policy:

Financial data

Databases

Email

Documents

Pictures / videos

Production data

System state information

Furthermore, the location of the data must be considered. You could possibly actually create a different DRP for each one, depending on what you keep where.

Servers - what is stored in your server?

Databases -what is stored there and how do the legal and business requirements dictate what you need to maintain and for how long?

Desktops - should you backup files which might be saved on desktops? Therefore, the length of time do you really need them? Typically desktop files may not be retained provided server data.

Email - This content in the data has to be evaluated.

What's inside your emails? Many organizations may experience that email is unimportant to core business, but others can make use of email for being an integral part of their order processing or customer care functions. Use the case of a freight forwarder for example, where almost every email has a document that come with key business information. That freight forwarder’s exchange server is, therefore, huge and crucial to copy. However, the freight forwarder can have customers that contact them years later looking for things that were to be sent to a particular location. On their behalf, email is imperative to backup. Your corporation will have a similar communications issue.

Recovery - how can your company recover its data from a potential problem or loss of data? How much time are you able to survive without your details before your company practice might be impacted? Have a reality check of this data retention policy and get:

Would it provide the necessary recovery? Will it restore in the time frame and also as you needed? Test that!

Frequency - Is there a danger of info loss, do you need to backup your data more once daily, and how long can you maintain the data?

- An example of the frequency of an retention policy might be:

Retain every daily backup for 10 days

Retain every weekly backup for 6 weeks

Retain every monthly backup for 14 months

Retain every year-end backup for 7 years

Evaluating the soundness of this data retention policy depends on asking your executive staff, is this right, would it be sufficient, and is it practical? There is a balance you’ll must achieve between cost to maintain data and the law your company is susceptible to. Furthermore, brainstorm the “what-if’s” scenarios and discover what data would be necessary to recover properly: What happens if we'd a partial loss of data of data for instance a server failure. What happens if there was a complete data loss for instance a premises disaster? What happens if we'd widespread corruption of info from a virus?

What if we a break down loss of data from deliberate sabotage

What if we accidentally destroyed important data? Imagine if we should return eventually for data for:

A tax audit

A labor law compliance audit

A product or service liability lawsuit

A work practices claim

A workforce tort says for example a sexual harassment claim

Finally, on your checklist, be certain that there isn't any “islands of data” not in the policy -

Laptops

Desktops

Remote offices

There's really no one size fits all for a data retention policy. Each company have their own unique needs, cost parameters and law that should dictate what's essential and mandatory to hold the business in case of an emergency or loss of data. Start out with the checklist above and boost it to match your individual business and law.

 

Please visit: http://www.globaldatavault.com/blog/checklist-for-developing-an-effective-data-retention-policy/