Home Compliance & Certification Backup Automation Guide

Backup Automation Guide

Last updated on Sep 22, 2025

1. Purpose of this Guide

This artefact demonstrates that your company has automated backup schedules in place, even for non-critical systems. Compliance auditors want to see that data protection isn’t left to chance — backups are configured, running regularly, and not just manually triggered when someone remembers.

2. What You Will Submit

You will need:

  • screenshot from your backup solution showing:

    • The system or dataset being backed up.

    • The backup frequency (e.g. daily, weekly, monthly).

    • The schedule or automation settings.

    • (Optional but strong) recent backup job completion status.

3. How to Collect / Obtain / Generate This Evidence

Microsoft 365 / OneDrive / SharePoint:

  1. Go to the Microsoft 365 Admin Center.

  2. Under Settings → Security & Privacy → Backup, review configured backup policies.

  3. Screenshot the page showing backup automation (frequency, retention).

Google Workspace:

  1. Open the Google Admin Console.

  2. Navigate to Apps → Google Workspace → Drive and Docs → Backup & Retention.

  3. Screenshot the settings showing automatic backups or retention rules.

AWS Backup (for EC2, RDS, DynamoDB, etc.):

  1. Log in to the AWS Console.

  2. Open AWS Backup → Backup Plans.

  3. Select the relevant plan and screenshot the schedule (frequency, backup vault, lifecycle).

Other popular SMB backup solutions:

  • Acronis Cyber Protect: Go to Backup Plans → Screenshot the schedule and status.

  • Veeam Backup & Replication: Open the console → Jobs → Backup Job Properties → Screenshot the schedule tab.

  • Datto / MSP solutions: Navigate to Backup Management → Device Settings → Capture automation schedule.

4. Evidence Format

  • Accepted file types: PNG, JPG, PDF.

  • Suggested naming format:
    YourCompanyName_BackupAutomation_YYYY-MM-DD.png

5. What “Good” Looks Like

  • Screenshot shows automation clearly configured (not just a manual backup).

  • System or dataset identified (so it’s clear what’s being backed up).

  • Frequency visible (daily, weekly, monthly).

  • Timestamp or last run info (to prove the schedule is active).

Why it matters: auditors want to see that backups are happening by design, not by accident.

6. Tips

  • Avoid screenshots of blank or inactive schedules — that will be flagged as insufficient.

  • Show at least one completed job in the logs if possible, to prove it’s not theoretical.

  • Redact sensitive system names if needed before uploading.