“What should I back up?” “Everything, right?” While that seems like the most obvious answer, it isn’t the optimal one. With data privacy being the central focus of compliance laws like the GDPR, HIPAA, and SOX, both the type of data that can be stored and the length of time it is stored are under scrutiny. Apart from the audit hassles and the risk of non-compliance fines, retaining data, even if it is in the form of a backup and is not actively being processed, can have serious legal implications.
The Importance of Granular SharePoint Backup and Recovery
With the growing importance of data privacy and retention, having the capability to selectively back up only the required SharePoint sites can help your organization easily adhere to legal and compliance requirements. For example, if certain site collections contain sensitive or time-barred client content, it should be possible to delete their backups. Consider project-based site collections once the engagement has ended, or a client who specifically requests that a backup be deleted. You need to be able to easily and permanently delete backups.
Other Compliance/Legal Requirements of SharePoint Backup and Recovery
A solution that offers comprehensive backup and quick recovery can protect your organization from data loss; that’s a given. However, with data regulatory laws aplenty, it is essential to also examine the compliance and legal requirements expected of SharePoint backup and recovery. Ask questions such as:
Where is my backup located?
Check the physical location of data and its backups that is mandated by the regulations your organization has to comply with. Ensure that it matches the location of your backup solution’s datacenters.
What will be the backup’s retention time?
As detailed above, understand the data retention times for your company’s data and for the clients that you work with. Examples include client content that is no longer needed and legally must be removed, or project-based site collections that have run their course and are no longer needed.
What control do I have over the backup and recovery?
Security and Compliance Officers may need to have granular control over the specific content that is backed up and retained, for instance, backing up only certain site collections, recovering a single artifact, etc. Ensure that such provisions exist with your backup solution.
How secure are my backups?
Your organization’s data is only as secure as its backup. Check that your backup provider uses strong data encryption, is compliant with the various certifications that your industry demands (SSAE 16, HIPAA, GDPR, etc.), and has regular audits.