An Request For Proposal is a formal document explaining the type of product and features that an organization needs in a technology solution. Technology Vendors use the RFP as a guide to submit suggestions about how their products might meet your needs. In the world of backup and Recovery, there are several important factors you need to include while developing your businesses unique RFP, from security protocol features, to recovery options. Check out these top five things to include while making a backup and recovery product Request For Proposal. Happy hunting!
Do Your Homework
Before you start to write an RFP, figure out what you really need, what you want, and in general, the purpose of the backup and recovery product. What type of product will enable IT teams/personnel to protect your data against/ reconstruct the database after an incident? Typically, backup administration tasks include, planning and testing responses to different kinds of failures, Configuring the database environment for backup and recovery, mainatining an appropriate backup schedule, monitoring the environment, troubleshooting in times of trouble, and data loss recovery. Decide what your business needs by meeting with IT, and plan your RFP according to what’s necessary to keep your data safe.
Consider a Confidentiality Clause
Vendors who respond to your RFP might be concerned about sharing confidential information with you, and your business too, might have reservations about sharing information about your own operations for the same reasons. One way of helping address privacy concerns of both parties, is by developing a confidentiality clause. It establishes an understanding that vendor and client will treat sensitive information with mutual respect, and that what’s said within the RFP response should not be shared or made public.
Get up-to-date on Compliance Regulations, and Include Relevant Criteria
Some major laws that impact how data is stored include:
The Sarbanes-Oxley Act (SOX) Act of 2002 established new and enhanced accounting standards for public U.S. companies. They not only require companies to produce information, but ensure that archived information isn’t changed.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996; among other things, it improves the security and privacy of health data. It requires patient records to be saved during the life of the patient.
The Family Educational Rights and Privacy Act (FERPA) of 1974 specifies similar privacy rights for student educational records at all schools that receive funds from the U.S. Department of Education.
The Federal Rules of Civil Procedure (FRCP), a new version of which went into effect in December 2006, requires that participants in a civil case reveal retention practices and electronic formats of data. In addition, some states have their own laws on electronic evidence, which may or may not be the same as the federal laws.
Scope and Necessities
A Data Backup Plan should define and address as a minimum, the following:
- Personnel responsible for executing backup plan, keeping in mind data confidentiality best interests.
- Construct a schedule that routinely checks systems, and backup data. Be advised that, depending on backup and recovery solution provider, the cost of more frequent backup may increase. Make due with your businesses unique budget.
- Identify all systems and data lakes that require backup.
- Develop, and detail specific recovery procedures to restore data from backup repositories.
Consider a Provider That Offers DRaaS (Disaster Recovery as a Service)
A service that’s gaining momentum with enterprises, is Disaster Recovery as a Service, and with good reason. Great DRaaS service providers will literally act as your data saving superman, swooping in to save the data when IT hits the fan. In the event of a complete datacenter outage, IT staff can spin up all recovery nodes and downtime is limited only to the time it takes the VMs to spinup. DRaaS helps organizations fight ransomware, and other security threats by backing up your data as often as you’re comfortable with, down to the moment.