Database backup retention policy
Topic: Databases core
Summary
Define how long to keep database backups based on RTO, RPO, and compliance. Use full plus incremental or differential; test restore regularly. Use this when setting or reviewing backup retention.
Intent: How-to
Quick answer
- Set retention by RTO and RPO. Typical: daily full for 7-30 days; weekly for months; monthly for years if compliance requires. Store off-site or in another region.
- Document retention in policy. Automate deletion of expired backups; avoid manual only. Align with legal and audit requirements.
- Test restore from each retention tier (e.g. last daily, last weekly). Verify backup verification runs and alerts on failure.
Prerequisites
Steps
-
Define RTO and RPO
Decide max acceptable data loss and recovery time. Retention must allow recovery to within RPO and within RTO.
-
Set retention tiers
Daily full X days; weekly Y weeks; monthly Z months. Document; automate retention and deletion.
-
Test and verify
Restore from oldest retained backup periodically. Run backup verification; alert on failures.
Summary
Set retention from RTO/RPO and compliance; automate retention; test restore and verification.
Prerequisites
Steps
Step 1: Define RTO and RPO
Define max data loss and recovery time; retention must support both.
Step 2: Set retention tiers
Define daily, weekly, monthly retention; document and automate.
Step 3: Test and verify
Restore from oldest backup; run verification; alert on failure.
Verification
- Backups exist for each tier; expired backups removed; restore tested.
Troubleshooting
Restore fails — Fix backup or retention; improve verification. Compliance gap — Extend retention or add tiers.