Back up systems are not recordkeeping systems December 21, 2012

Back up systems are not recordkeeping systems

Last month we reported that backup systems are not recordkeeping systems.

Since then, our excellent colleagues at the Public Record Office of Victoria have developed an Issues Paper, Use of Back-up Technology to Archive (comments due 31 December).

Their Issues Paper states that the use of backup technologies to archive data will not meet the recordkeeping standards of the Public Record Office.

The PROV Issues Paper explores:

  • the distinction between archiving (in recordkeeping terms) and backup
  • issues with using backup technology to archive data in accordance with recordkeeping requirements
  • issues with using different media types (eg magnetic tape, hard disks, etc), and
  • a range of other issues associated with the backup process.

It is definitely recommended reading if you want to know more about why backup processes are not substitutes for recordkeeping processes.

If however you need a quick explaination for staff about why backup systems are not recordkeeping systems, we have provided a summary here.

Backups serve a necessary, but a short term, disaster recovery purpose. The PROV paper states that backup solutions are designed to be used when data ‘has been corrupted or destroyed by hardware failure, software failure, operator error or malicious action’. They are not designed to support long term information access. This is the role of organisational recordkeeping and information management strategies.

A comprehensive information management strategy will encompass both backup and recordkeeping – backup for business continuity purposes, and recordkeeping for information accessibility, accountability and sustainability requirements. In other words, organisations need both backup and recordkeeping to comprehensively protect their business information.

Backups cannot be used instead of recordkeeping systems and processes because, by their nature, backups are useful for relatively short term rectification purposes. Backups are copies of your recent business information that will enable you to reconstruct your data to the state it was in prior to an incident of system or data loss, and therefore allow your business operations to continue to function with little or minor disruption. They are not designed to protect and make your information available in the longer term.

You need all of the following to extract information from backup: the software used for the backup (probably within a short version range), a physical device that will read the backup media (for example an SDLT tape drive to read SDLT tapes) and a similar physical infrastructure to the original environment that was backed up (for example, a Windows server with particular disk characteristics).

All of these components will be readily available in short term scenarios but as soon as you move into 3-5 year timeframes, with the fast media and system development and upgrade cycles that are common across all business environments now, it is unlikely that all these components will continue to be available. Once any of these components are no longer available, or no longer work effectively with the other components, access to the backed up information is effectively lost. Backup media also physically deteriorate without active management which increases the likelihood of information loss if backup is used as a longer term recordkeeping strategy.

Another complication is that backup processes copy data as it was maintained in your corporate systems and networks at a particular point in time. Access to information, and determining where you might find it, therefore relies on knowing the administrative and IT structures that were used to create and control the information. One or two years down the track these administrative and IT structures can change quite significantly. Therefore back  up data can also become inaccessible because you are no longer able to find the location of your required data, or remember what it was called, where it was located or what disk it was on.

Therefore it is likely that any business information you need for periods of longer than 3-5 years (and this is actually a very large proportion of your business information) is at significant risk if you are relying only on your backup systems to maintain it.

At State Records we have been hearing that some organisations are implementing annual backups which are designed to be kept in perpetuity. Due to the technological difficulties of maintaining data accessibility for even 2 years let alone forever, this is just not a valid recordkeeping or business continuity strategy. Too much information of long term business value risks being lost in these types of blanket strategies that do not meet corporate and information governance needs.

Instead, business continuity strategies and information management strategies must work hand in hand, and the information management strategies must be relied up to protect and maintain information of long term business value.

At State Records we recommend that records and IT staff work together to develop coordinated information management and backup strategies.

To develop these coordinated approaches, records and IT staff need to:

  • get together and discuss their respective approaches
  • determine where recordkeeping strategies are needed to support long term value business information
  • develop appropriate recordkeeping approaches to create, capture and sustain long term value business records
  • ensure ultimately that backups are used for business continuity purposes and that  recordkeeping strategies cover all your organisation’s longer term needs for information accessibility, accountability and sustainability.

As usual, if you have any alternative ideas or viewpoints, please let us know.

And a big thank you to David Thornell, CIO of State Records, for his input into this post.

Leave a Reply

You must be logged in to post a comment.