Here is part two of what senior partners need to know and do to avoid fines and personal culpability for data security.
Follow this to reduce your personal risk.
One of the worst things is to believe you have been doing your job and protecting client data, only to find out that the person entrusted with your data backup cannot restore the data. It’s gone.
To avoid this, you don’t have to be technical; you just need to know the right questions to ask of the right people. Ideally, your tests prove you can restore data – fully, quickly and easily.
Copy and paste the following email and send it to whoever is in charge of your backup regime:
Dear IT Person
Please can you send me a report on what test restores of our backups we have done in the last 12 months and what test restores we have scheduled for the next 12 months.
The report should include:
- The data we restored.
- How long it took to restore.
- Was the restore successful?
- The reason for any failures.
- Suggested improvements, with a list of who is making them and by when.
Yours sincerely
[your name]
What are you looking for in a reply?
Here’s a checklist of what you are looking for.
- An executive-friendly report, with clear details of how well your backup test restores are working.
- Complicated, technical spreadsheets are great for engineers. They need those, but you need to know: are the results meeting your minimum standards?
- That applies to a range of restore scenarios. How quickly and easily can you restore:
  - one file
  - a user’s entire mailbox
  - your entire network
Keep your report, date it and repeat in three months. Without regular, written reports you run the risk of having a false sense of security. You should feel happy to put your testing regime in front of clients, prospects or the ICO, because if you have a breach, that is what you will have to do.
I said the point of a backup is a quick, full, easy restore. But “quick” and “full” often mean something different to you, as a partner, and to the IT department. Unfortunately, you are the legally responsible one, so the next post will detail how you can set those standards.
This helps you start building your own documented process for testing, reviewing and improving your backup. But if you are struggling, call me (020 7572 0000) or email me (simon@thefinalstep.co.uk).
You can also download our free guide for senior partners. Learn how you should approach, plan and action a backup and recovery plan to protect your firm and its reputation.