What data does the organisation hold, and in what formats?
Data Management Services
Know what data you have, where it lives, how critical it is — and what happens if it is not there when you need it.
Most organisations understand that data is important. Fewer have a clear picture of where it all sits, how often it changes, which systems are truly critical, or how long different records need to be kept. Without that clarity, protection is guesswork — and recovery targets are built on assumptions rather than evidence.
Microsolve helps you move from assumptions to answers. We help you assess your data landscape, define practical recovery and retention targets, and put managed protections in place that reflect how your business actually operates.
Good data protection starts before backup
Backup is a control. Data management is a strategy. Before any control can be effective, you need to understand what you are protecting and why it matters.
Data does not sit neatly in one place. It lives across file servers, workstations, Microsoft 365 mailboxes and SharePoint libraries, cloud applications, line-of-business platforms, archived drives, and shared folders that have grown without oversight for years. Some of it is mission-critical. Some is sensitive. Some is duplicated, outdated, or stored in ways no one actively chose.
When that landscape is unclear, protection gaps are hard to see. Recovery plans are built around the wrong assumptions. Retention settings are often too short, too long, or simply not set at all. And when something goes wrong, organisations find out just how expensive those gaps can be — not just in lost data, but in lost time, lost confidence, and the cost of recovery under pressure.
"We find that the organisations with the most effective data protection are not necessarily the ones with the biggest backup budget. They are the ones who took the time to understand their data first."
Start by understanding what you have
A data location audit is the foundation of good data management. It gives you and your team a clear view of the information your organisation depends on — so you know what needs protecting, what can be archived, and what is creating unnecessary risk.
A structured audit helps answer the questions that matter most:
What data does the organisation hold, and in what formats?
Who relies on it, and how often do they need it?
How sensitive is it — does it carry personal, financial, or operational risk if exposed?
How frequently does it change — and how much could change between backups?
What is the real business impact if it becomes unavailable or is permanently lost?
The answers to these questions are not the same for every organisation, or even for every system within the same organisation. That is precisely the point.
A data location audit gives leadership the visibility to make deliberate decisions about protection, recovery planning, and retention, rather than applying the same settings everywhere and hoping for the best.
Structured Data Location Audit
Microsolve conducts structured data location audits as a standalone engagement or as the starting point for a broader managed data services review.
The output is a clear picture of your data landscape, along with a prioritised view of where protection, governance, and policy attention is most needed.
Set recovery and retention targets that match the way you work
Not every system needs the same level of protection, recovery speed, or retention period. Setting the right targets requires understanding how each system is used (and what the real cost of disruption or loss would be).
The three measures that matter most:
Recovery Point Objective (RPO)
RPO is the maximum amount of data loss your business can accept.
If a system fails and you restore from a backup taken four hours ago, anything that changed in those four hours is gone. Whether that is acceptable depends entirely on how often data changes and how much of that change is genuinely recoverable from other sources.
For a system that processes customer orders every few minutes, losing four hours of data could be catastrophic. For a system that is updated once a week, it might be entirely manageable.
Your RPO should be set by asking:
how much data could we afford to lose and still operate, recover, and report accurately?
Recovery Time Objective (RTO)
RTO is the maximum acceptable time to restore systems or data after a disruption.
Two hours? Eight hours? Twenty-four hours? The right answer depends on what the system does, who relies on it, and what the business can realistically sustain while waiting for it to return.
Some systems support daily operations and need to be back within hours. Others are important but not urgent — a longer recovery window is acceptable because manual workarounds exist. Knowing the difference means recovery resources can be allocated where they matter most, rather than treating everything as equally urgent.
Your RTO should be set by asking:
how long can we operate — at what cost and with what workarounds — before this system absolutely needs to be back?
Retention Periods
Retention defines how long data should be kept before it is archived, deleted, or otherwise managed under policy.
Different types of data have different retention requirements. Financial records, employment documents, communications, and operational data may all carry different obligations — legal, contractual, or simply practical. A retention policy that applies the same rule to every dataset will inevitably get something wrong.
Retention is also not just a compliance question. It is a risk and operational question. Data that is kept indefinitely accumulates — storage grows, the discovery burden increases, and old or sensitive information remains accessible when it should not be. Data that is deleted too early may not be available when it is needed for a dispute, audit, or operational query.
Your retention periods should be set by asking:
what do we actually need this data for, and how long does that purpose last?
RPO, RTO, and retention are not technical settings!
They are business decisions that happen to have technical implications.
Microsolve works with your team to define these targets in plain language, test them against your actual operating patterns, and then align your managed services — backup scheduling, monitoring, recovery testing, archiving, and reporting — to the targets you have set.
Retention periods are operational, legal, and financial decisions
Retention is one of the most commonly deferred decisions in data management - and one of the most consequential.
When retention periods are not deliberately set, data accumulates by default. When they are set badly, records may disappear before they are needed.
Three retention realities every leadership team must understand:
Too short creates exposure.
Records that are deleted before their useful life ends cannot be retrieved. When a record is needed for a dispute, audit, regulatory inquiry, or internal review — and it has been deleted — the consequences can extend well beyond IT.
Too long creates risk and cost.
Data that is retained indefinitely continues to accumulate. Storage costs grow. The range of information that could be exposed in a breach expands. And the effort involved in any future discovery or audit scales with the volume of data that has to be searched.
Different data needs different rules.
A single organisation may hold financial records, employment files, client communications, operational logs, project archives, and marketing materials — each with different appropriate retention periods. A blanket policy rarely serves all of them well.
Microsolve helps organisations define retention policies that are practical, proportionate, and aligned to how their data is actually used.
This is not a set-and-forget exercise. As systems change, as regulations shift, and as the business grows, retention rules need to be reviewed and updated.
We make that an ongoing part of your data management practice.
Turn priorities into managed protection
Once data has been mapped, classified, and prioritised — and once recovery and retention targets have been set — managed services become far more precise and effective.
Without that foundation, backup and recovery services are applied generically. With it, every element of data protection can be aligned to what your business actually needs.
What Microsolve aligns your data services to:
Backup Design
Frequency, scope, and storage architecture matched to your RPO by data tier
Recovery Testing
Scheduled tests that verify your RTO targets are achievable before an incident occurs
Monitoring & Alerting
Continuous oversight of backup jobs, storage health, and recovery readiness
Secure Storage
On-premise, cloud, or hybrid storage with appropriate access controls and encryption
Retention Controls
Policy-driven archiving and deletion managed consistently across platforms
Reporting
Clear, regular reporting on coverage, test outcomes, and any gaps requiring attention
Ongoing Review
Scheduled reviews as systems, staff, and risk profiles change
This is what it looks like when data management moves from a background task to a genuine business capability. Leadership has clarity. IT has structure. And the organisation has a defensible, tested foundation — rather than a collection of settings no one has reviewed in three years.
Explore our data management services
Data Location Audit
Identify what data you hold, where it lives, how sensitive it is, and what protection it needs. The essential first step.
Backup & Recovery
Structured backup design, regular recovery testing, and monitoring — built around your RPO and RTO targets.
Microsoft 365 Data Protection
Your Microsoft 365 data — including Exchange, SharePoint, OneDrive, and Teams — is not automatically backed up by Microsoft. We fill that gap.
Email Archiving & Retention
Immutable, policy-driven email archiving that supports compliance, discovery, and long-term retention without relying on mailbox storage.
Business Continuity Planning
Define and document how the business continues to operate during and after a disruption — beyond just IT recovery.
Disaster Recovery Readiness
Test, validate, and improve your ability to recover from a significant incident. Know your gaps before an incident reveals them.
Common questions about data management
What is a data location audit?
A data location audit identifies what business data you hold, where it is stored, who relies on it, how sensitive it is, and how important it is to day-to-day operations.
It gives you the visibility needed to make deliberate, informed decisions about protection, recovery, and retention.
What is the difference between RPO and RTO?
RPO (Recovery Point Objective) defines how much data loss is acceptable — in other words, how far back you can afford to roll back.
RTO (Recovery Time Objective) defines how long systems or data can be unavailable before the business impact becomes unacceptable.
Both are set based on how the business operates, not on technical defaults.
How do you set the right RPO and RTO for a business?
Start with the business, not the technology.
-
How often does each system's data change?
-
How long can the business operate without it?
-
What manual workarounds exist?
The answers to those questions define practical, proportionate targets — which can then be translated into technical service design.
What is a data retention period?
A retention period is the length of time a specific type of data should be kept before it is archived, deleted, or otherwise managed under a defined policy.
Different data types — financial records, employee files, client communications, operational logs — often need different retention periods.
Why do retention periods matter?
Retention periods affect risk, storage costs, governance, and the organisation's ability to access records when they are needed.
Data held too briefly may be gone when it is needed. Data held indefinitely creates unnecessary exposure and cost.
Getting this right requires deliberate decisions, not defaults.
Is backup the same as data management?
No!
Backup is one protective control.
Data management is broader — it includes understanding what data you hold, classifying it by sensitivity and criticality, setting recovery and retention targets, applying appropriate controls, and reviewing all of it regularly as systems and requirements change.
Backup is just one part of a well-managed data environment. It is not a substitute for one.
Can a managed IT provider help with retention and recovery planning?
Yes.
A managed IT provider with data management capability can help assess your data landscape, define practical targets, implement and monitor protective controls, manage retention policies across platforms, and review everything on a regular cadence — so your protection stays aligned with how your business is actually working.
What data should be reviewed first?
Start with data that is critical to daily operations, updated frequently, difficult or impossible to recreate, sensitive in nature, or required for governance, reporting, or compliance.
Those categories carry the highest risk if they are lost, unavailable, or poorly managed.
Start with clarity, not assumptions
If you are not sure what data you have, where it all lives, or whether your current protection reflects how your business actually operates — a data management review is the right starting point.
Microsolve works with you to assess what you have, identify the gaps, and put a managed service in place that is built around your real priorities.