• Office of the Comptroller

Review and Test Your Data Backup Plan 3-2-1

Cyber experts recommend a “3-2-1” backup plan for critical data to ensure that it is properly retained and available to be restored if there is a cyber event that locks up or steals the data. Critical data is defined as part of your data inventory and Disaster Recovery Plan.   

  • Have at least 3 copies of data. 

  • Store the copies on 2 different types of media. 

  • Keep 1 copy at a location offsite such as on the cloud on tape. 

Routinely test the backup copies to ensure that copies are being properly maintained, and test the process for restoring data (Disaster Recovery Plan) to applications if data is compromised. At a minimum, third party contractors that host your data should replicate this plan.


See Four Steps to Prepare for a Cybersecurity Risk Assessment for how to create a data inventory. Visit  the  Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks.


OFFICE OF THE COMPTROLLER OF THE COMMONWEALTH

William McNamara, Comptroller of the Commonwealth

One Ashburton Place, 9th Floor, Boston MA 02108

comptroller.info@mass.gov

For your protection, please do not email personal information (e.g. Social Security Number, Bank Account Number, Passwords).

For assistance, please call us at

(617) 727-5000

  • Twitter
  • Facebook
  • LinkedIn
  • Instagram