I came across this article on SearchStorage.com talking about creating service level agreements in data protection:
Greenberg laid out a two-step process to setting up the SLA. The first step involves aligning data protection with the business, and requires administrators to determine issues, such as the cost of data protection, who the data owners are, what the data is and where it lives, what the recovery time objective (RTO) and recovery point objective (RPO) are, encryption requirements and retention periods of data.
The second step involves data protection methods. Greenberg said data protection requirements must be driven by legal and business needs. "Shape the technology around business processes, not the other way around," he said.
Working from business requirements towards the technology that supports it is one of the best ways you can architect a data protection environment. Sometimes it's hard when you're caught up...