Back-up procedures tend to be pretty unstructured - whole disc drives are often archived to tape. When did you last request a photocopy of a whole filing cabinet? The aim is to be able to restore specific lost data reliably with minimum disruption. Back-ups need to be structured by business relevance and readable on demand.
You should regularly cycle through back-ups, trying to restore from them. To avoid business disruption you should set up a dedicated back-up test platform. Finally, you must allow for the possibility that back-up devices may fail and not be replaceable. Some archives must, by law, be stored for longer than the market lifetime of many storage technologies. You may need to migrate such archives as technologies change.
Back-ups are also a serious target for thieves and hackers. Ensure physical security by storing them off site. Encrypt your data - some devices have an encryption option, but this can be a hazard, as a replacement drive may not use the same method, so your data may become unreadable; the same applies to compression. The best option is to encrypt before back-up, so you will need a dedicated back-up server which takes care of the encryption and compression. This can also conserve network bandwidth, so it may be a good idea anyway.
Make sure your back-up strategy works - test it.
Mike Barwise is a consultant at www.computersecurityawareness.com/