This guide will help you have an informed discussion with your information and communication technology (ICT) support organisation or IT expert about backing up your organisations important data. It will help to give you the information and concepts to work with them to ensure that you have an adequate backup regime and won’t lose the information you need to keep your organisation running.
Why back up?
You need your data to run your organisation and serve your clients, but there are no guarantees your data will be there when you get to work each morning.
Access to the information stored on your computers or held by others (such as hosted and Cloud services) on your behalf can be lost due to:
- computer failure
- human error
- malicious acts
- loss of physical or remote access (because of, for example, fire, natural disaster, civil emergency, bankruptcy of supplier)
- corruption of the information
- accidental deletion.
You need to minimise the risk of losing your information, and backing up is one of the best ways to do that.
You should back up to:
- retain financial data required for auditors
- comply with the requirement in your funding agreements, quality frameworks and regulations to have backups
- retain governance information and records of board meetings, resolutions, etc
- protect the historical records of your practice for future reference
- ensure staff information, contact details, payroll information and rosters are not lost
- ensure client data is protected and you can access payment, attendance and contact information
- retain program data that you require to reconcile grants and funding.
How important is your data?
How important is your data to the continued running of your organisation? The answer determines how rigorous your backup procedure should be.
To help answer these questions, start building a picture of what information you have. Throughout this guide we’ll be asking questions about each set of information.
Think about the technology systems and sets of information that you have. For example, do you have:
- a client management system
- newsletter mailing lists
- phones (landlines)
- mobile phones
- a website?
For each system and set of information you have, consider:
- your tolerance for unavailability of each (for example - one day, two weeks)
- your tolerance for data loss (for example - one day, one week). Think about the typical timeframe in which you would create enough new files or make enough changes to existing information that it would be difficult to recreate them if they were lost. This will help you decide how regularly you want to back up your data and to have a copy elsewhere. So consider, if data loss occurred right before your next backup, how long would it have been since your last retrievable backup?
Your list is starting to look something like this:
Where is your data stored?
Build up a picture of where your systems and information sets are stored. Information may be duplicated in multiple places, it may be distributed across various locations, or it may be a mix of both.
For each system and set of information, consider where it is stored. If it is in more than one place, identify the main place it is stored. These storage places could be:
- PCs, laptops and tablets
- Cloud or hosted services.
Now your list is looking something like this:
What should you back up and how often?
Daily, weekly, monthly? How often you backup data will generally depend on how important it is to you. You can also use your “tolerance for data loss” to understand how often different data should be treated. For example, if you can’t risk losing data for a day or a week, it may be best to include them in your daily backups.
Add a column to your list titled ‘Backup’ and work through each row, identifying how often you think you’ll need to back each system or information set.
Once you’ve finished, your list should looks something like this:
How should you back up?
We have not covered all backup types in this guide, only those applicable to small-medium sized organisations. Other types of backups, such as incremental, exist. For further information about backup types and options see this article.
There are three main different types of backups:
- Full data: Backs up all your data. It is time consuming to back up and takes up space, but is the easiest and quickest type of backup to restore.
- Differential data: Backs up just the things that have changed since last full backup. It is fast to back up, doesn’t take much space, but is slightly harder and slightly slower to restore than full backups.
- Imaging: Takes an ‘image’ of the entire drive, including software, operating system, any customisation you’ve done, where everything is stored and so on. It is very useful if you need to quickly rebuild a computer that is broken.
Your analysis of your systems and data sets will help you and your ICT supplier determine which type or types of backups provide the safest and most pragmatic backup regime for your organisation.
You will also need to carefully store your program disks (if you have them) or security keys if you’ve downloaded them. That way your programs can be restored without backing them up.