Cities are stewards of information that serve the public good. They keep records about city business and comply with open records and FOIA laws. As most information today is electronically created and stored, that information also needs backing up in case of an incident such as a server failure, natural disaster, and (yes) ransomware.
That’s why a records management strategy that backs up important documents and data is so critical. States have passed rigorous document retention schedules with the expectation that cities will keep and produce records upon request. The excuse of “We didn’t back up our records” is not a good one—leading to financial and legal liabilities along with a potential public relations disaster.
If you’re worried about how your city records are backed up, then ask yourself the following questions:
How are my city’s records backed up?
Sometimes, cities think they are backing up records when they aren’t. For example, the following common scenarios are not proper data backup solutions:
- Manually backing up data to an external device. External hard drives or flash drives that depend on someone manually backing them up is an unreliable method and prone to human error.
- Using consumer-grade data backup solutions: While these solutions are better than nothing, you cannot guarantee that they are backing up all your critical data and that you will recover it after an incident. Also, ask yourself if your consumer-grade solution is compliant.
- Syncing files across different cloud storage platforms. While syncing files in two different locations may seem like backup, what happens if you delete a file or get a virus? Those changes get synched—and thus all your synched data is deleted or corrupted.
- Copying files into another folder within the same records management system: If something happens to your server, it will affect all files—even if they’re copied into separate folders.
- Relying on virtualized servers with redundancy built into them. Just because a server duplicates data within the same server or duplicates data across multiple virtual servers hosted within one physical server doesn’t mean it’s backed up. Server virtualization, with or without data replication, is not a data backup strategy.
A proper data backup and disaster recovery solution contains an onsite component for quick recovery, offsite component for disaster recovery, periodic testing to know you can recover, and real-time monitoring and maintenance overseen by IT professionals.
Are employees actually using the document management software?
This may sound obvious, but it’s not. Old habits die hard, and people like to take the quickest path to a solution. That quickest path may not involve following processes related to using a document management system.
You cannot back up what isn’t stored in the document management system. If employees are storing documents on their own computers or devices without placing them in the document management system, then recovering your records may be much harder when you cannot find files that were never stored there. Enforcing policies is a must.
Are my data backups only accessible by authorized people?
You want to make sure that data backups are as safe and tamper-proof as possible. If too many people have access to backed up files, then confusion, errors, and mistakes can occur. Ransomware may even access your data backups if someone is compromised. The backed-up data should only be accessible to administrative or service accounts and used only in case of emergency—such as after an incident that destroys equipment or eliminates access to data.
Is my data backup automated?
As part of automating record retention schedule tasks within your document management system, automated data backup tasks ensure that no human interaction is necessary from non-technical users. As records are uploaded into the document management system, they can be automatically backed up and accessible in the event of an incident such as a server failure. Automatically indexing these files also helps you manage them according to retention schedules.
Is my data backup storage appropriate for my city?
We see cities risk not backing up records because of storage situations. For example:
- Cities often do not have enough storage to back up all critical data. Limitations include the amount of storage on existing backup servers or through cloud storage that the city purchases.
- Cities often run into cost issues. Many storage vendors exist that have pricing models not conducive to cities. When cities budget for expensive storage, they purchase less of it—and back up less critical data.
- Cities encounter data backup efficiency issues. If data backup storage is configured or managed poorly, then it can take too long to upload backups, interfere with employee productivity (by slowing down systems), and fail to back up data effectively or in an easily accessible way. Sometimes after an incident, it takes way, way too long to restore data—suggesting that the data backup storage solution cannot address the need for quick time to recovery.
Cities need unlimited offsite data backup storage to make sure they do not hit arbitrary storage limitations or price caps.
Do I test my data backup solution?
Too many cities believe they are backing up data only to realize the stunning truth after an incident—that the backups were corrupted or failing for months or even years. Periodic testing ensures that you can actually restore city records. You don’t want to find out too late that your data backups weren’t backing up all critical data, that you don’t know how to actually restore your data, or that the time to recovery of critical data takes weeks or months.
A strong data backup strategy helps with business continuity and disaster recovery related to city records. City clerks need to feel peace of mind that data is automatically stored and backed up. And city employees need to follow processes related to a city’s records management software so that any records they upload or edit (with authorization) are available and recoverable.