Data Protection Audit – Systems, Devices and IT Operations
Your data protection audit lays out the plan that enables you to sleep at night knowing that data loss couldn’t destroy your business or be a costly and burdensome event.
In the previous installment of our three part data protection audit series, we looked at the questions you need to ask regarding your data requirements to determine what’s appropriate to include in your data protection audit. Those questions were focused on looking at the functional areas of the business.
In this last installment, we will view the business from the perspective of each business system.
There are three areas of concern:
- Support systems
- Devices
- IT operations
Support systems audit
It’s a great start if you have a server and are backing up data on it nightly or even less frequently, but if you have systems on the backup that have a restore time that’s within 24 hours, you’re likely to lose some data in the gap during a data loss event. You’ll need to have a restore system that will be faster for a practical scenario.
But don’t stop with servers, the same methodology goes for PCs. For example, say a company has one PC that is dedicated to processing credit card transactions, what would happen if that one computer went down? It’s imperative that you have that PC well protected. If you were to have an unexpected hardware failure, not only would transactions be interrupted, you’ll lose transaction data — unless you’re able to restore from a data center and run a virtual PC.
Device audit
This is the easier part of your data protection audit, but still necessary. Assess every device your company is using — everything that holds data. That includes servers, PCs, storage devices, laptops, tablets, cell phones that are used in your business, etc. Instead of looking at data recovery from strictly a business function perspective, look at it from the device perspective. How would you recover the device if it were gone? What do you have now and what should you have?
Consider this: Backing up PC’s is an important process, and the same goes for laptops. You’ll need to evaluate whether or not the resources used to protect the data on those devices are critical to your business. If you’re a software development company writing applications at your client sites, billing at $200 an hour… well, one guy losing a laptop could cost billable hours for many days! No, it probably won’t ruin a company, but smaller companies would certainly reel from a $5,000 loss due to one lost laptop. And what about the resources lost if you couldn’t recreate the data on that laptop?
IT operations audit
The final part of your audit process will be IT operations where you’ll identify the level of protection needed and perform testing.
No matter the type of technology that you’re evaluating, you need to analyze what your plan is to recover the device today, and what the plan should be in the future. In the end, you will have your complete needs analysis for all your technology company-wide:
- what needs to be protected,
- how to do it, and
- how to restore it.
There’s an unintended benefit from this whole endeavor. What started as a data protection audit actually provided your company a roadmap for the health and resilience of your business. Your data protection audit lays out the plan that enables you to sleep at night knowing that data loss couldn’t destroy your business or be a costly and burdensome event.
How to Plan and Execute a Data Protection Audit Series:
Part One: How to Plan and Execute a Data Protection Audit
Part Two: Data Protection Audit Planning
Part Three: Data Protection Audit – Systems, Devices and IT Operations