1. Guides
  2. Cyber security
  3. Understanding backup and retention

Understanding backup and retention

backup and retention, serve two different purposes in information management
woman in front of laptop with code on the screen

When managing your organisation’s information, it’s important to understand the difference between backup and retention, as they serve two different purposes in information management.

Backup

 A backup is a copy of your information that is stored separately from the original, and it is used to restore your information if it is lost, damaged or corrupted. Think of it as a safety net – if something goes wrong (e.g. a system crash, accidental deletion or cyber-attack), a backup allows you to recover your information quickly. Backups are made regularly (daily, weekly, or monthly) to ensure you always have a recent copy of your information in case something goes wrong.
Key points about backup:

  • It is used for information recovery in case of a loss or corruption
  • Backups are created at regular intervals
  • Backup information is stored separately from the original (e.g. in the cloud, an external hard drive, or another server)

Backup requirements include:

  • Backup frequency – daily, weekly, monthly, or on-demand.
  • Recovery time/speed – allowed downtime to recover the information from the backup source.
  • Backup location – e.g., cloud, local device, external hard drive, USB drive. Each option has its pros and cons regarding cost, security, accessibility, and scalability.
  • Endpoints (computers, tablets, smartphones) that contain information that might be uniquely stored on them.
  • Security and encryption of the backed-up information.
  • Frequency to test the backup solution/backup failure alerts.

Retention

Retention, on the other hand, refers to keeping certain information for a specified period due to legal, regulatory or organisational requirements. Retention policies define how long information must be stored before it is archived or deleted. For example, child protection records must be retained for up to 25 years due to legal requirements. Retention policies ensure that you keep important information for as long as necessary but don’t hold onto information indefinitely, which can pose security risks or lead to unnecessary storage costs.
Key points about retention:

  • It is about how long information needs to be kept
  • Retention is driven by legal, regulatory or organisational policies
  • Information is stored for a set period and deleted or archived when no longer needed.

It’s important to consider sector-specific requirements when creating your organisation’s backup and retention plans. Different industries have different legal obligations for how long certain information types need to be kept. By aligning your policies with these rules, you can avoid fines or other legal issues.

In summary, backup is focused on creating a copy of your information for recovery in case of accidental loss or damage. Retention is about keeping certain information for a specific period to meet legal or organisational requirements.

 

Read more

Information classification and security: a practical guide

Achieving intermediate cyber security

Rate this guide

No votes yet

Status message

Thanks for rating this guide.

CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Related posts

Files with confidential papers stacked in piles
Guide
Intermediate
Information classification and security: a practical guide
No matter your organisation size, knowing how to manage digital information will help you reduce risks and meet legal obligations.
Questions to ask your IT managed services provider
Guide
Intermediate
Questions to ask your IT managed services provider
Key questions you should ask your managed services provider about their cyber security and how they help protect your systems.
Questions to ask your SaaS application provider
Guide
Intermediate
Questions to ask your SaaS application provider
Key questions you should ask your Software-as-a-Service (SaaS) business system providers about how to protect your sensitive information.
info-sec
Guide
Intermediate
Information security policy for not-for-profits
To define and formally document your cyber security practices and processes, you can download and customise this template for your not-for-profit.