08) Does your organisation regularly test backups to ensure their effectiveness?
IT Operations Backup Testing
Written by Haydn Brooks
Created on March 18, 2019
Modified on June 7, 2020

Answer yes if your organisation regularly tests its backup data to ensure that the backups are effective and can be used when required. Please state the frequency of the tests in the notes section.

Backups are a critical control in your organisation’s control landscape. Data loss can occur for a variety of reasons - ransomware, user error, and system malfunctions for example. Testing backups to check that they are usable is an important part of your backup process.

Backups that are not regularly tested are essentially useless. Without consistent testing, you run the risk of losing the data, applications, systems, and workloads that your backups contain, potentially with no way to recover them. A comprehensive testing plan is a necessity to ensure your backups will perform as expected in a disaster scenario.

There are two ways to test your backups. The first is by using an automated integrity checking tool that checks to make sure your backups aren’t corrupted. Most tools used to take backups will have a feature that checks the integrity of the file built in. The second, is by restoring samples of your backups to ensure they are usable. This is key to ensuring your backups are usable and that your IT team can recover data quickly and efficiently.

How to implement the control:

Your IT team must ensure backups are regularly and consistently tested. This can be through the use of an integrity checking tool, or through actively restoring data to prove the backups are viable. Both approaches should be taken in a comprehensive and documented testing plan.

There are many tools and services that your IT team can use to facilitate easy backup testing.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.