The data back-up scope serves to establish which data (sources) will actually be included in the data back-up. A well thought-out and structured data filing system can to a great extent ensure that no important data are overlooked. In addition, you should check whether the data (sources) for back-up are actually available at the time of the data back-up run (for instance with regard to devices which might be switched off over the week-end)
If you create a data back-up at short intervals, this does safeguard against any minor data losses. On the other hand, it also increases the effort required for data back-ups. In particular, this could lead to bottlenecks on the network, if you back up large data quantities every day. In this case, it is recommended you carefully assess your needs for protection.
The time of your data back-up depends on your business processes. Here you should assess the risk evolution of any potential data loss inside the time period between your individual data back-ups. A frequent practice is therefore to run back-ups at the end of every day, so not to disrupt daily operations and use the resources available at night for data back-ups.
In case of data loss, you generally restore the version of the last available data back-up. For various reasons, it might also be necessary though to be able to recover older historical data from further back at times. For such data, you should determine a retention period for your back-ups. With the help of a well thought-out rotation schedule (generation principle) geared towards data volumes and protection needs, such retention periods can be safeguarded with a minimum of data back-up media. When backing up data daily for instance (Mo to Fr), it only takes 20 data back-up media to be able to recover the back-up versions of the last four weekdays (Mo to Th), the last 13 week-ends (Fr), the last two month ends and the last year end.
The term required recovery times denotes the period of time between the discovery of any data loss up to the time access is reinstated. The shorter this maximum tolerable outage period is set, the higher the organisational and technical requirements with regard to your data back-ups. Things to be considered here are the required time for identifying data to be recovered, locating such data on their respective data back-up copies, access to the required data back-up media and the actual data restoring process.
Sometimes, the time available (e. g. during the night) is not sufficient to completely back up data from a certain protection class at the required frequency. You can mitigate this problem by carefully choosing the type of data back-up method you use (complete, differential, incremental). With a complete data back-up, a complete copy of all data inside the scope is created on your data back-up medium. This method requires most space on your data back-up medium and the most time. With the differential method however, only the data changed since the last complete data back-up are backed up (those different from the last complete back-up). This considerably reduces the data volume, since unchanging data in particular only ever have to be backed up once. Recovery of a data back-up version takes place in two stages with this method: First, you will need to restore the last complete back-up you have, and then restore the required differential data back-up. The incremental method reduces the data volume to be backed up even further. Here, only changes compared to the last data back-up (no matter of what type) are backed up. If there is a need to recover data, you will therefore have to restore the last complete data back-up, the last differential data back-up as well as all subsequent incremental data back-ups.
The term data back-up medium denotes the container used to record a certain data back-up version. In its simplest form, this could involve a simple file with a specific file format, or a physical data carrier (hard drive, optical medium, magnetic tape,) on a dedicated back-up system. The choice of a suitable data back-up medium primarily depends on the organisational requirements (extent, frequency, retention periods and recovery times). In particular for long-term retention (archiving) of large data volumes, magnetic tapes have become the medium of choice.
Data back-up media and their storage are of absolutely vital importance for the whole data back-up process. As far as risk assessments are concerned, factors such as physical protection, storage conditions, availability, accessibility etc. must be considered. Generally, data back-ups should be insulated against external influences to the maximum extent possible. In connection with ransomware for instance, you have to ensure that data back-ups are stored in such a way they are completely out of reach of any attacker. It is therefore vital to store them offline.