Every computer system must have a documented and audited backup and full recovery plan in case of an emergency. The initial step in developing the plan is to assess applications and data to determine what is critical to daily operations. The plan must include an emergency operating procedure to use until systems can be placed back online and testing procedures to ensure a system can be restored fully from backups.
Without this plan in place, your practice/business can and will fall prey to a number of debilitating situations. Natural disasters, power outages, computer viruses, or even a simple program crash could shut down permanently any organization that is not prepared.
The plan also must address how your business handles backup media, as doing so in an insecure manner could give an unauthorized person complete access to your computer system’s files. You must store all backups in a secure location, and it should be off-site; otherwise, a fire could wipe you out completely. Typical backup storage locations are on a remote server, in a bank deposit box, or at a remote building under your control.
You should not store backup media near the primary data. This could lead to a total loss of data if a major disaster occurs, such as a fire or terrorist attack.