# Backup and restore

**What is a backup and why must it be tested?**

A backup is a copy of your data. What decides its value is the restore: only a tested restore run proves the copy will hold when it counts.

The rule of thumb is 3-2-1: three copies of the data, on two different media, one of them off site. Protection against ransomware adds one property. At least one copy has to be stored so that it can no longer be changed or deleted afterwards, not even by an account with administrator rights.

Two figures help you plan. The recovery point tells you how much work you can afford to lose. The recovery time tells you how long the business may stand still. Together they determine how often you back up and how the backup has to be built.

## Related terms
- [The 3-2-1 backup rule](https://vetosec.at/en/it-security/drei-zwei-eins-regel/)
- [Ransomware](https://vetosec.at/en/it-security/ransomware/)
- [IT emergency plan](https://vetosec.at/en/it-security/notfallplan/)

## Source
https://vetosec.at/en/it-security/backup-wiederherstellung/ (vetosec, schutz)
