Given the rate of data growth along with the increasing importance of business information, a cost effective, offsite data archiving service can deliver significant business benefits.
A good data archiving strategy will allow you to regain control of your Microsoft Exchange and Windows file servers as well as to protect your data for compliance reasons.
The following are tips on what to consider when thinking about a data archiving strategy.
1. CONSIDER THE BUSINESS REQUIREMENT
Each business needs to identify what types of data need to be kept for specific periods of time. In the case of email, for example, these distinctions could include different retention periods for different departments, or for different projects, or for different levels of management. Retention is also a question of storage space. Organisations need to ensure that individual mailboxes are used only for communication and short-term storage, not as the primary means for official record retention.
2. RECOGNISE YOUR LEGAL AND REGULATORY OBLIGATIONS
Establish clear, recorded and defensible retention policies that demonstrate your ability to meet business needs as well as legal and regulatory obligations. These policies need to include schedules that demonstrate appropriate retention periods for the various categories of information. Businesses that do not preserve data long enough to meet their legal other regulatory obligations may face severe penalties as a result.
3. ONLY KEEP HOLD OF THE DATA YOU NEED TO
On the other hand, retaining information for too long creates a different risk; that of being compelled to produce information that could defensibly have been destroyed. A well-planned retention policy, addressing both minimum and maximum retention times, limits the information pool to what is both timely and potentially relevant.
4. COLLECT THE PERSONNEL
To make the best informed decisions when setting the data archiving policy, you should collect the personnel who have knowledge and authority of the organisation’s business needs both departmental, and as a whole. Developing a full picture of the organisation’s data use and requirements enables you to set the most efficient policy, ensuring that the retention periods reflect the business’ needs.
5. COLLECT THE INFORMATION
If you have an existing policy regarding records and information management or a policy that identifies the data being archived, then that is the place to start. All the data that is going to be archived needs to have a retention period assigned to it and must be included in a retention schedule. If you plan to begin archiving data immediately, the initial retention period may be “indefinite” while the policy and schedule are decided.
6. SET THE RETENTION PERIODS
You now need to determine the actual specific retention periods, beginning with regulatory and other legally established minimum periods. Identify all categories covered; categorise the data subject to regulations and identify the required minimum retention period for each category. Consider to use the same minimum retention period for all regulated information for consistency or whether to define separate retention periods.
The information must be accessible, searchable, and retrievable when needed. With Redcentric’s data archiving service data can be retrieved without the time and expense of backup tape restoration. System-wide archiving permits classification of data, automated search and retrieval, and data de-duplication.
8. USE THE RIGHT TOOLS
Deploying an indefinite data archiving policy while permanent retention schedules are being developed, provides your company with the immediate ability to preserve information for later review and decision by your legal department. This reduces the chance of inadvertent destruction. Interim data archiving gives IT an opportunity to understand the technology, fine-tune the deployment, before defining the permanent policy. IT can begin to estimate the amount of storage capacity required to retain email, which can be useful for planning. The data archived during the interim can then be reviewed, and disposed of as appropriate.
9. ADDRESS YOUR BUSINESS NEEDS
When determining the business requirements, the following should be considered:
- How often access to the data is likely to be needed
- Whether data is either superseded by/or included in later versions
- The extent to which data is distributed outside the business
- The potential for related legal action or other adversarial action
- The purpose of the data, both in its creation and in its distribution
- The intended use and distribution of the data
10. DOCUMENT AND CIRCULATE: CREATE A WRITTEN DATA RETENTION POLICY
The newly established data retention periods need to be recorded, both for distribution to users and as part of the legal defensibility record. The schedule does not need to be elaborate, but it should include specifics about the various categories and associated retention periods.
An external review of your data polices ensure you have a full understanding of your backup and recovery provisions. This external review process, like the one on offer from 7 Elements, provides a deeper understanding of your entire backup and recovery capabilities, through to your protection mechanisms as well as where is the data replicated to and retained.