Data Protection in Business Continuity: 5 Key Questions to Ask

Every organization backs up its data, but not all do so in a manner that is validated or rationally tailored to their needs. Business continuity professionals can help their organizations raise their data protection game by acting as educators, advocates, and brokers on this issue between the business departments and IT.

A Data Security Conversation with a Client 

Here’s a conversation I have frequently with my clients: 

Herrera: How are you doing backing up your data? 

Client: Perfect! I have all types of backups. 

Herrera: Great. How often do you actually validate the  data and its integrity? 

Client: [Silence.] 

These days, you could sooner find a person who would admit to not brushing their teeth than you could find a company that would admit to not backing up their data. But not all data backups are created equal.  

Data Loss Happens All the Time 

Organizations lose data all the time. Occasionally this is due to dramatic events like ransomware attacks. More often it’s the result of everyday glitches like accidental deletions, corruption in the database, and hardware failures. 

After experiencing a data loss, organizations turn to their backups and find they are inadequate in terms of keeping their losses within acceptable limits. 

BCM Professionals as Data Protection Guardians

Data is now key for businesses to function. So BC professionals need to include data protection in their business continuity plans. 

So business continuity management teams need to inquire into the data protection situation for each department. They should facilitate communication on this issue between the business departments and IT, educate the parties about the issue, advocate for the adoption of sound data protection practices, and ensure that the recovery strategy between  business departments and IT is clear. 

Five Key Questions to Improve Data Protection 

While BCM professionals don’t usually have hands-on control on data, but you can and should advocate that steps be taken to improve data protection and boost the organization’s resiliency. 

To help you to do that, here are five key questions to ask.

1. How is data backed up?

Most people in the business departments have no idea how IT backs up their data. 

The departments should be encouraged to take an ownership position with regard to their data. It’s their information. 

That data is vital for each department to do their job, so they need to know how IT looks after it. 

Knowing how their data is backed up can bring many benefits. 

• It can shape their behavior in ways that reduce the likelihood of data loss, 
• Help them be realistic about what can be recovered in the event of a loss, 
• Enable them to talk intelligently with IT.

It’s also a necessary starting point for strengthening their department’s data protection regimen. 

2. How much data can be permanently lost?

Every department needs to figure out its maximum allowable data loss. This is the limit to how much data can be lost for them to keep working.

This loss is usually measured in an increment of time, e.g., 15 minutes, four hours, or 24 hours. Factors driving this limit can include legal or regulatory requirements or work volume issues. 

3. How does IT’s data protection align with what the department needs?

Facilitate an exchange of information between the department and IT about the maximum allowable data loss, the reasons for it, and the current level of data protection offered by IT. 

This discussion requires the department saying what it needs in terms of data protection and IT saying what it can currently do for the department. 

4. How can we improve our current data protection processes?

As a BCM professional, you should mediate the discussion of the level of data protection each department gets, 

This is easier said than done in many cases. Sometimes IT takes pride in its systems and procedures and is resistant to the idea that it provides insufficient backup protection. (This is commonly expressed as, “Have the people in that department lost their minds?”) 

Sometimes IT lacks sufficient storage space or other resources to provide the level of protection desired. In some situations, it might easily be able to meet the department’s needs. In others, the department might need to implement some kind of workaround to close the gap (such as by logging some information manually as a backup in case data is lost). 

A diplomatic and well-informed BC professional can make an important contribution by helping the parties negotiate their differences and close the gap. 

5. How can we validate all data backups?

Encourage the department and IT to validate the data backup and any workarounds. 

It’s not enough to have a backup. The backup has to be tested and proven to work. During a data loss is the worst possible time to find out the measures you’ve been relying on all this time to safeguard your data don’t actually function the way they are supposed to. 

By getting answers to these five key questions, the BCM office can do its best to push the organization to raise its data protection game. 

Advocating for Better Data Protection 

Every organization backs up its data, but relatively few do so in a manner that is rationally tailored to their needs or tested and validated to be sure it works. As a BCM professional, you can help by becoming advocates for better data protection.  

To support you better and to improve your business continuity planning and protection, you can also use BCM software, such as BCMMetrics. 

Our business continuity software was developed by the experts at MHA Consulting and provides you with four easy-to-use modules with flexible pricing to improve your BIA reporting, BCM planning, facility mapping, and to analyze your compliance with industry frameworks and legislation.

Do a virtual tour to understand how it works.