How to Pass the Data Backup Audit
Companies that use IT and data will inevitably the subject of audits, during which these organizations will be required to produce evidence of a robust backup plan and the capability of restoring data in a pinch. Unfortunately, many businesses have a backup system that is either inefficient, unreliable or missing altogether. As a result, when the auditor comes knocking, the backup system will not be ready and the auditor will likely leave behind a fine and date for a follow-up.
More importantly, an audit failure will expose the ugly truths about a company’s database backup compliance issues. According to a survey from Gartner, 43 percent of companies go under immediately following data loss. Another 51 percent shut down within two years. Those are unfortunate odds, especially considering those companies could have taken measures to ensure their data backup platform was capable of data loss prevention.
Consolidate the backup tapes
Many companies use tapes as an insurance policy against data loss, but too many of those companies stop there. If a backup tape is sitting forgotten on a dusty shelf somewhere, it may as well be at the bottom of the ocean to an auditor. Organizations should use a backup tape management system to compile all of those records into a single database in order to locate and retrieve them at a moment’s notice if necessary.
For businesses with multiple offices, this platform is especially important. It means that, essentially, a single employee or team can track backup tapes’ movement and updates as they change hands and location. Auditors will be looking for this kind of transparency when it comes to data migration.
Move at the speed of data
Information moves at light speed – literally. Digital transactions mount on a daily basis and the backup tapes should reflect that. According to the Information Systems Audit and Control Association (ISACA), data backups should occur on a daily basis. Not only that, a company should be able to demonstrate that data can be recovered quickly following a major breach. This demonstration should occur at least once a year.
Backup tapes are physical assets, so they are at risk of destruction in the event of a disaster like a fire. That’s why date tapes should be housed in a separate facility from the company’s headquarters where they can be protected from destruction, easily accessed and updated regularly. That way, management can go into an audit with confidence.