{"id":516113,"date":"2024-06-05T11:50:56","date_gmt":"2024-06-05T15:50:56","guid":{"rendered":"https:\/\/www.commvault.com\/?post_type=cmv_glossary&p=516113"},"modified":"2024-06-05T15:05:35","modified_gmt":"2024-06-05T19:05:35","slug":"backup-policy","status":"publish","type":"cmv_glossary","link":"https:\/\/www.commvault.com\/glossary-library\/backup-policy","title":{"rendered":"Backup Policy Enterprise Strategy: Set of Rules and Procedures"},"content":{"rendered":"\n
\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t
<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t
\n\t\t<\/div>\n\t\t
\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\n\n

Backup policy definition<\/h2>\n\n\n\n

A backup policy is a set of rules and procedures that describe the enterprise\u2019s strategy when making backup copies of data for safekeeping. An enterprise data backup policy is an integral part of an organization\u2019s overarching data protection, disaster recovery and business continuity strategy. It is good practice to store two copies of the data, one on-premises or in the cloud for rapid recovery, and the other in the cloud, where data remains available in the event of a disruption.<\/p>\n\n\n\n

The backed-up data may contain diverse data sets that include structured and unstructured data generated by email apps or used by a wide range of applications, including databases. An organization\u2019s data backup policy and data retention policy usually complement each other.<\/p>\n\n\n\n

An effective backup policy identifies the information to be copied and the frequency with which one can perform backups, as well as the storage location where the backed-up data will be sent. Backup guidelines also outline the frequency of incremental backup, which IT performs after the initial full backup. An organization\u2019s backup policy also identifies the roles of IT team members responsible for backup, including backup administrator if that role is part of IT.<\/p>\n\n\n\n

An example of a backup policy article would be \u201cPerform a daily incremental backup.\u201d<\/p>\n\n\n\n

What is a backup policy?<\/h2>\n\n\n\n

A backup policy should include what data is to be protected, where to store the backup, how often the backup should run, and how long to retain the backup copy. Organizations adopt backup policies as part of the overall disaster recovery posture that seeks to avoid data loss or extended shutdowns due to unexpected events.<\/p>\n\n\n\n

Many IT organizations have heard of the 3-2-1 rule of data backup: a company should have three copies of data, in two locations, one of which is offsite. A resilient data backup policy would then include making two copies of the source data, one for quick recovery and the other for keeping in a secure remote offsite location. A backup storage target could be on-premises or in the cloud, depending on the backup source data. <\/p>\n\n\n\n

For example, it is much faster to recover large sets of on-premises data from a local on-premises storage location, rather than from the cloud, while sending a secondary copy to the cloud for long term retention. Conversely, if the primary backup data source is in the cloud, it is often preferable by the company to backup directly to cloud storage and recover from cloud storage to the cloud application or data source. Companies are increasingly using the cloud for a safe backup repository taking advantage of its scalability, security, and compliance capabilities.<\/p>\n\n\n\n

Types of backup:<\/p>\n\n\n\n

Full backup<\/strong> takes a complete copy of all data on the devices designated to be part of the backup process. This backup is performed at the start of putting the backup policy into practice. Full backup protects all the data and keeps it in one location for faster restoration but takes a much longer time to perform.
<\/p>\n\n\n\n

Incremental backup<\/strong> changed since the last backup. This type of backup is the fastest to execute and can be performed as many times as an organization deems necessary.
<\/p>\n\n\n\n

A differential backup<\/strong> copies all the data that has changed since the last full backup. This backup provides companies with copies based on the same starting point when the last full backup occurs, but it takes longer time and occupies larger storage space.<\/p>\n\n\n\n

In addition to outlining backup frequencies, a data backup policy should also include the recovery point objective (RPO). The RPO metric defines how much data loss is acceptable to the business before data will be restored. The RPO value places demands on the systems involved requiring more resources for shorter RPOs. In the world of disaster recovery, RPO has a twin called recovery time objective (RTO), which specifies the desired recovery time following a disruptive incident.<\/p>\n\n\n\n

What is a backup policy and how does it work?<\/h2>\n\n\n\n

As noted earlier, the backup policy seeks to create procedures that could recommend one or more copies, for example, of a data source for safekeeping, that would be used for recovery in the event of data loss or disruption. Enterprises should strive to have a robust backup policy to avoid business disruptions and maintain compliance with data protection regulations.<\/p>\n\n\n\n

A strong strategy for defining a backup policy would include,<\/p>\n\n\n\n