Setting up a backup and recovery infrastructure begins long before you decide on the hardware, software, and connectivity solutions. It makes no sense to buy before you know what you are protecting.
The knee-jerk reaction is to backup everything and have it available for recovery. This attitude, while understandable, is a very expensive one. Backing up directions to a co-worker's house for a barbeque hardly makes sense. Newsletters included as email attachments should not be backed up without very good reason. Unless you have endless (or free) storage capacity, saving absolutely everything will eat up that capacity at high speed. Bottom line, smart IT managers decide which files are mission critical or business critical for backup and recovery planning.
Good corporate governance, as well as federal, state and local regulatory requirements, would put business records in the mission-critical or business-critical categories. But deciding what files constitute business records might be an issue. Each department IT supports believes that its data is the most crucial. Human resources will point to pension records, accounting will point to all of its databases, engineering will point to CAD/CAM files in all of their versions, and marketing will point to its customer information management (CIM) records.
The 2001 ISO records management standard (ISO 15489) provides a sound basic definition for a business record. Using the standard, a record is:
"Information created, received and maintained as evidence and information by an organization or person in pursuance of legal obligations or in the transaction of business."
Some would complain that the ISO definition is very broad. They would be right. It would include memoranda, emails, instant messages, plans, graphics files, text files and more. But in a business climate where litigation in endemic, if not epidemic, failure to protect and be able to readily recover these broadly-defined files could result in commercial suicide. And while you are planning, be sure to safeguard data that could be used in identity theft or financial identity fraud: customer and employee names, contact information, social security numbers, taxpayer identification numbers, internal account numbers, and purchase order numbers.