Many companies have a backup and restoration process, a virus policy, and even a systems security policy for hacker prevention. However, most companies’ policies are woefully incomplete in all three of these areas. To make matters worse, these plans are scattered about the company and they leave out one of the most important pieces, actual recovery after a major disaster has occurred.

Let's tackle each item one at a time:

Backup and Restoration

By now we all know (or at least I hope so) of the importance of performing regular backups. The reason for doing this is obvious: in the event of some form of database corruption, disk failure, or even user error, as in someone deletes a file then realizes they shouldn’t have, you want to make sure you have a way to recover the information.

When one of these things happens (notice I said when, not if) you can recover from it no worse for the wear. However, what happens if the building that houses your data center burns to the ground? Do you have a policy to take care of that? Does your backup policy allow for such an event? In this case a simple backup and restoration policy is not sufficient because your backups have also been destroyed. You need to start looking at things such as off-site storage of backup media. In this case, off-site storage does not refer to keeping tapes at somebody’s house or simply in another building on your campus. What happens in case of massive flood, hurricane, tornado, earthquake, or (heaven forbid) a bomb? You need a secure place that is designed to house sensitive, mission critical data. These types of places will walk you through their physical security (man-traps, metal detectors, etc.) as well as natural disaster security. They should have such things as high capacity sump pumps in case of flood, heavily buttressed walls in case of a tornado or hurricane, and shelving units designed to collapse together, forming “mini pyramids” in case of massive earthquake. You should have a full backup going to a place like this once a week.