The whole is greater than the sum of the parts. Although you may have planned for individual components of data recovery after an incident, the overall impact must also be assessed. An example is the need to recover operations that have been successfully transferred to a disaster recovery backup site, in order to have them running once again on the primary site. In some cases, this final step can be even more complicated than the initial move out to the secondary site. Or you may have forgotten to include computing systems that live outside the perimeter of ‘official’ enterprise backup. A combined top-down and bottom-up approach can help to cover all the bases.

The top-down part of your understanding is driven by knowledge of the organisation’s overall objectives and critical sub-objectives. When you know which the mission-critical activities are, you can establish which data must be safeguarded and recoverable at all times for those activities. You can map out the systems they run on, the people who use those systems and the ‘go-to’ person for the security of any given system. With this portfolio of goals and systems in mind, you will be able to define any necessary priorities and take precautions to make sure that data recovery is done as fast as possible, but without overwhelming any individual application.

The bottom-up part requires observation of what is in fact being used by different employees or departments. Bring Your Own Device (BYOD) computing may mean data being stored on mobile computing devices that have not yet been included in systematic data safeguards. Strategically important spreadsheets may be held on local systems that are isolated from your data centre servers. All these devices need a suitable path defined back upwards to bring them into the data recovery plan. When you can track every top-level goal down to its constituent systems and data, and every IT resource back up to a business activity and objective, your understanding of your data recovery needs will be measurably improved.