The principal reason for a data storage policy is to ensure that an organization securely stores all data and information and can retrieve it when needed.
Data storage is an essential business activity, and a policy provides the framework and direction for storage procedures and good practice.
In the early days of data processing, a method and place to store data was a primary goal. Over the decades, data storage has increased in its capacity to store electronic files, records, documents, graphics and other data with less physical space requirements.
Organizations today store data in the cloud, with specially designated storage servers or on standalone storage devices such as hard drives and solid-state drives. They connect everything using SANs or other linkages.
On-site storage had been the traditional place for data. However, the advent of remotely managed storage services, such as those using cloud-based technology, have grown in popularity and often share storage duties with an on-site array.
As a result of all the choices for storage, it's important to have a clear policy. This article, which explains the issues to address in preparation of a data storage policy, wraps up with a downloadable template that organizations can customize as needed.
Components of a data storage policy
Corollary elements to a data storage policy address several important factors:
- types of data and information;
- location of data;
- timeline for storage;
- retrieval mechanisms to gain access to the data;
- mechanisms to identify different generations or versions of data, and when stored data becomes archived data;
- budgetary considerations; and
- employees responsible for data storage activities.
Additional components in a data storage policy can specify how the organization complies with data storage activities as prescribed by various standards and regulations; types of data that an organization must store on site versus off site in a managed services environment; and data that the organization must store for retrieval in situations involving litigation. The organization should periodically review and update the data storage policy to ensure it supports storage requirements.
Data storage versus data management
Data management comprises several disciplines, including storage, security, protection, recovery and destruction. The fundamental component of the data storage policy is that all data and information not in active use must be in secure storage.
Check if policies for other data management activities are in place and cross-reference them as needed. An organization, depending on its IT management philosophy, may prefer separate standalone policies for data management activities. In other organizations, a single all-encompassing data management policy may suffice. Regardless, have at least one policy addressing data management, as this is particularly important from an IT audit perspective.
Create a storage policy from scratch
The template that complements this article provides a foundation for creating a policy focused specifically on data storage. The template is structured to differentiate it from other prospective data management policies.
The data storage policy template addresses the key issues associated with storage. Organizations can adapt it as they wish according to their requirements.
Download the free data storage policy template here.