Communicating Backup Retention Policy 2024

Communicating backup retention policies will be the focus of the article today. This has got to be one of the biggest misunderstandings between service providers and backup clients that still occurs today.

Backup retention policies are often relegated to tech stuff that is too complicated to explain to a client and on the other side of the fence. It is true, it is a relatively complex area of discussion that most clients will not be very interested in.

Take a look at some of our back up resources below that may interest you:

• 5 Tips On Backups As A Service
• FreeNAS versus TrueNAS Storage Operating Systems
• TrueNAS versus Nexenta Community Edition
• TrueNAS versus OpenFiler Community Edition

This means we as service providers need to find a way of explaining complex backup processes in a way where the client sees value in the conversation and that means presenting it in a way that demonstrates the importance of backup retention as it applies to them.

Communication is everything here because it is not good enough to give clients an explanation that is too confusing for them to absorb.

I mean if you really think about it, we always talk about how we have the best back-up solutions and go on about all the features and when it all comes down to it, the client does not care one bit about any of it, all they care about is can you recover information when they need it so the retention period of even the cheapest backup needs to be explained to the client in a simple easy to understand way that focuses on scenarios that demonstrate the benefit to them in a disaster recovery scenario.

As a secondary goal of the main topic, I will also discuss how documentation can help managed technology service organizations maintain disaster and recovery solutions effectively as it specifically relates to this topic.

Information & record keeping is also an essential aspect of the IT industry whether it be storage solutions discussed here or the steps involved on how to avoid client lawsuits when it comes to disaster recovery situations or inheriting a backup environment from an outgoing service provider so that others can fault find in a time effective fashion . It enables IT consulting advisors to manage and maintain the IT infrastructure of their clients effectively.

We have years of experience in working with service providers to document their processes and procedures and there is no area more important to a service provider than how their clients' backup and disaster recovery systems are documented unless of course your business reputation is not important to you.

What Is A Backup Retention Policy

It is not what many service providers believe which is often a complicated specification of what you as a backup provider backs up for the client, it is actually a recovery and restore roadmap for the client detailing exactly what information they can restore and under what circumstances.

Backup Retention Technicalities

When I ran my own managed services organization, I offered only 2 types of backup services and if the client was above 5 staff then they were offered only a single backup solution that incorporated both cloud level backups and a local backup component.

Now it is up to you how you structure your backup offerings however my strong recommendation is to only offer a single backup solution which incorporates both an online backup as well as a local NAS solution and package that up as a single offering.

This makes explaining backup retention so much easier for both parties.

Legal Retention Policies

It is important that if you believe a client is going to be relying on your back up solution to adhere to the regulations that their industry belongs to that you make it clear from the start and it should be treated separately from the backup solution being provided and ideally whatever solution you may be reselling, it should include certification for the relevant retention regulation. Trying to do it yourself is a recipe for disaster.

Legal retention policies depending on your industry and the country you operate in. The USA for instance requires 3 years of employee records kept under the fair labor standards act (FLSA)

There are also mandated data deletion requirements and or data archiving depending on which industry your organization works within.

General Data Protection Regulation (GDPR) is an EU regulation framework and needs to be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” GDPR permits organizations to store personal data for longer periods than other more restrictive regulatory practices.

The Health Insurance Portability and Accountability Act (HIPAA) is a United States based regulatory framework for industry related to health and medical organizations, it does not have any country wide requirements for retention of client medical records.

HIPAA varies from state to state, it does include specific terminology relating to the retention of records.

These are quite complex and any organization that has to adhere to HIPAA should investigate their own particular circumstances and ideally only utilize HIPAA compliant backup applications that already comply with this.

Backup Information For Service Providers

Below is the sort of information we all understand as a service provider however it can introduce confusion for both the client and less experienced technicians:

Within Monthly Data Quota

• Always incremental - Individual Office type files
• Monthly to 6 Monthly - 6 months
• Weekly – 4 weeks
• Daily – 7 days

Over Monthly Data Quota

• Always incremental - Individual Office type files
• Monthly - 3 months
• Weekly - 3 weeks
• Daily - 5 days

Now I have been in managed services for 25 plus years and this even confuses me and along with the subject of calculating a complex subnet mask, I find myself needing to retrain myself.

So how on earth is a non technical client busy with a million problems in their own business going to be able to take this information and be able to calculate in which set of circumstances they can safely assume they can recover their information.

They will adhere to the default setting of all non technical clients and that is trust you implicitly that whatever solution it is you are offering will cover every conceivable data recovery situation and if it does not, they will if you are lucky, shout at you and take their business elsewhere or if you are unlucky, find yourself with a lawsuit due to lack of backup performance.

Now at best you will either go through that painful backup experience and have all of your legal contracts buttoned down and technically win the legal action or experience one of the hundreds of gaps that the judge does not really understand and could be interpreted one of 7 ways and find yourself having to pay out something beyond the horrendous toll it takes in both time and effort.

Communicating What Your Backup Solution Does Not Do

The best way to avoid expensive legal disputes or unhappy clients is to properly communicate what your backup solution does not do.

Spend the time creating a mother beautiful brochure with pretty graphs and a long FAQ about what your primary backup solution does not do.

Your client does not want to be in a situation where they are being told they cannot recover documents in a situation where they cannot, as much as you do not want to be in a situation where you cannot deliver those recovered documents.

The only way to avoid this is to communicate the recovery abilities of your backup solution.

Explaining What Your Backup Does Not Do

So definitely keep the technical aspects at the top of your backup agreement followed by exactly what type of scenarios they will not have backup coverage. As I always recommend, always get a proposed backup agreement signed and every page initialed if possible, if they decide to go ahead with your disaster recovery proposal.

There are two components that need to be communicated to the client as far as conceptualizing to the client what your backup is capable of:

RPO - Recovery Point Objective

Recovery Point Objective relates to the point in time your client wants to potentially recover their data from.

RTO - Recovery Time Objective

Recovery time objective relates to the time it will take to recover the information the client wants. As you can probably understand, this should be less than the time it takes for the client to recreate the information they are trying to recover at a bare minimum.

Conclusion

You should always be advising your clients on what and when their paid backup is not covering their requirements. We are getting to the point where the higher price points can offer incremental backups forever up and including image based backups.

Nice if your client can afford a big internet pipe that can handle that level of data transfer, however there is still a big gap between client expectation (which is often total coverage) and what your backup plan covers.

Ensure you give real world scenarios to your clients so that they can make an informed decision as to if they need to spend money for improved backup coverage.

It is vital that you leave the level of backup coverage with your clients, sure they can choose to have less coverage and take a greater risk however you need to cover yourself here and make sure you have a record that the client was offered an appropriate backup solution and rejected it.

If that is not undertaken and they are paying for a back up solution that fails to recover their information in a scenario that your solution fails to cover even if you are aware of this then you are rolling the dice when it comes to legal action against your business.

We have a number of other backup and client related articles listed below that will provide you with more detailed information on a number of related topics:

https://optimizeddocs.com/blogs/backups/backups-client-index

Our team specializes in strategies for technical helpdesk organizations that assist in improving profit margins through standardization and consistent record keeping strategies, so you can be confident that our content is tailored to your needs.

Please feel free to explore our other articles and click on any that interest you. If you have any questions or would like to learn more about how we can help you with your documentation needs, please click the "Get In Touch" button to the left and we will be happy to assist you. Thank you for choosing us as your trusted source for technology documentation.