Modern IT products, used by modern and compliant businesses, must convince customers that they have a sound High Availability (HA) strategy in place: architected, designed and implemented.
Key point: For GDPR compliance, the High Availability strategy must be documented and implemented.
The High Availability strategy must include the appropriate backup and restore operations to make sure that the Business IT Platform is resilient. And who is accountable for this Business IT Platform? No one else but you: the Data Controller.
When an incident, such as a media failure or user error, occurs, the Platform must be able to restore the affected part of the environment or data in a timely manner. An effective backup and restore solution should enable the Platform to meet the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), both of which a prudent IT customer is always happy to define, impose and monitor adherence to.
Therefore, going forward, the Data Controller has to show understanding and implementation of these 4 key KPIs:
- Security
- Compliance
- Recovery Time Objectives (RTO)
- Recovery Point Objectives (RPO)
By ‘understanding’ here I mean: assure that a resilient solution process and firm technology supporting it are both in place.
Which in turn means: process and technology, both Architected and Implemented.