Studies show that backups are one of the most overlooked, most poorly implemented and lowest prioritized solutions for many businesses. Sometimes just having backups aren't enough, Creating a Backup Policy with a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP) will give you better assurance. The process to follow would be to perform a Business Impact Analysis (BIA), this will help to determine the risks and critical processes. This will help to build all the proper procedures and policies to clarify that your business will continue running in an event there is a natural disaster, corruption, compromise or other problems which may interrupt your business production.
The thought of a problem or issue doesn't come to mind until it actually happens, and when that minor or significant disaster comes, you should be prepared. You need to prep your business, this means your staff and yourself with the proper procedures, process, and training with the policies and documents which was created to keep your business running. The proper steps to take starts with a Business Impact Analysis (BIA), this analysis will then help you to create a Business Continuity Plan (BCP) and within that BCP, a Disaster Recovery Plan (DRP) which will be customized accordingly to your infrastructure.
The Business Impact Analysis (BIA) helps to identify key points in your businesses infrastructure, from the low risk areas of the network, the servers, its devices to the higher risk areas of those devices. Within each of those devices, there is a level of severity which can impact or cause a major downtime to your production. Once the Business Impact Analysis (BIA) has been completed, the Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP) can be written up and implemented, followed up with and used to audit your business infrastructure to help you be compliant in some aspects.