What is a backup policy?

Backup policies are plans set out to mitigate against data loss in the event of ransomware attacks, data corruption or hardware failure. The complexity of the backup policy is dependent on the size off the organisation, quantity of data, number of applications and regulatory obligations of the organisation. If created correctly, it can significantly help an organisation to return to business as normal.

Data is the most valuable part of a computer system and may be irreplaceable if lost, the following tips can be used to help you prepare a backup policy in case the worst happens.

How to best implement a backup policy

  • Identify the most critical data to your business and set out your plan ensuring that data is prioritised.
  • Frequently take backups, especially of the most critical data.
  • 3-2-1 approach – Create 3 copies of data with 2 different media types stored locally and 1 stored offsite.
  • Keep backups of multiple versions of your data. In the event of data corruption in current versions you will need old versions to fall back on.
  • Regularly test backups.
  • Keep backups encrypted.
  • If you can, have the backup process automated.
  • Create a data retention policy for your business, there will be a storage cost for the data you keep so think about how long you need to keep data for. This needs to take into account regulatory and legal obligations.

Further Information

For further information on the topic links to the UK National Cyber Security Centre advice on backups can be found here.


For any insurance questions please contact Bullerwell & Co Ltd today.