Get it when you need it: Taking the Guesswork out of Offsite Storage Retrieval

Employing a third party to store and deliver assets critical to Disaster Recovery or Business Continuity Plans can be invaluable.  But offsite storage should never be “dump it and forget it”.  Despite everything your storage provider may promise, it’s what you don’t know that could become a problem when you need to retrieve your data backup, ‘go box’ or other essential recovery assets.

First, there’s the hand-off process.  If your IT team ships physical backups offsite on a regular basis, that process can become routine.  Over time, routine can slip into neglect. Neglect can result in outcomes that may a problem – or a disaster – when it’s time to recall those backups.  And if you are using internal means to store vital assets, understanding the process and its security is just as critical – perhaps even greater.

What is the process?  Is it documented? Is it verified with the vendor/provider periodically?  Take the time to visit the provider (or even follow their pickup agent) to see exactly how the process works.  Ask to see your stored materials, the vendor’s logs and their entry procedures in action.

Is the process secure?  Are critical stored assets handled in a manner that assures they are properly accounted for, preserved, secured and retrievable?

An international distribution company used an offsite backup storage vendor who arrived every evening to pick up the latest backup tapes from the loading dock in a sealed plastic bin.  A failed DR test revealed that every backup tape was blank: degaussed by the heavy-duty magnets in the tow-motors parked next to the backup tape bin each night!

Is the pickup process formalized, or just a guy driving his own car who throws your data into his backseat (or worse, stuffs it into a bag with other client’s backups)?  You’d be surprise how often the latter is true.  Are new or updated entries properly logged?  Just because you labeled it properly doesn’t assure the vendor will too.

Most importantly, no matter whom you use, no matter what the pickup process – be sure you have tested the retrieval process!  A crisis is not the time for surprises.  Is the retrieval process documented?  Are there security procedures (to assure someone else can’t retrieve your assets)?  Is access to that information adequately available? You don’t want to find you can’t retrieve your ‘go box’ because the person who knows the access code is on vacation!

Your offsite vendor should be happy to cooperate with your tests.  Don’t just do a ‘tabletop’ simulation test; contact the storage vendor just as you would in a real disruption.  Instruct them where & when to send items; then see what happens.  Check the results.  You may be pleasantly surprised; or you may be disappointed.  But that’s what tests are for.  Don’t assume your offsite routine works until you test it; then test it again every time you test the related Business Continuity or Disaster Recovery Plan.

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…