Backup Audit Plan

What is your current backup process?

  • Who is in charge of the current backups?
  • Who has access to the backups?
  • What is your current backup schedule – nightly, weekly, incremental daily?
  • Who gets notified of successes and failures? Is it monitored?

Testing / Validation of the backed up files.

  • You are backing up your data, but have you ever restored a file and confirmed it?

Recovery Thresholds

  • What is the acceptable amount of data loss? For example, if you are doing nightly backups, and you have a hardware failure at 3PM, any work that was saved to those files during the day would be lost. Is that acceptable?
  • In the event of hardware failure or data loss, how long can your mission critical system be down?

What files are you are backing up?

Are you backing what think you are?

  • Accounting Software
  • Email
  • Shared Drive / Files Shares
  • User Directories
  • Legal Documents
  • Any databases with business critical data.
  • Applications and settings
  • License keys

Have you confirmed that the folder(s) with the data you care about the most are getting backed up?

When was the last time you checked to confirm that you are backing up what you think you are backing up?

Verify your retention periods.

How long do you need to save your files for?

For example, if you are backing up weekly, and you accidentally delete a file, 1 month later you realize you shouldn’t have deleted that file. If you are just backing up weekly and not keeping copies of backup tapes or using some method to store backup files, that file is gone – and without some serious effort will never be recovered.


Typical Best Practices for Rotation of Backup Media (tapes, USB drives, etc.)


  • (Monday – Thursday) (4 Backup Media ) – stored off-site


  • Dedicated Friday backups that get pulled out of the rotation and stored off-site (4 backup media per month)

Monthly (Archive)

  • Pull 1 backup media of the weekly rotation once per month. (12 per year stored off-site)