Patrick Boylan is 100% right. As a former corporate audit director, I can attest that EVERY audit of informatics or security management looks for both adequate on-site and (more important) OFF-site storage of backup data. It is a fundamental component of any institution's disaster management plan. Our institution does daily backups with both on-site and off-site storage for a specified back-time period. Any institution that does NOT have off-site copies of backups is placing its head on the block and waiting for the axe to fall. See, inter alia, the audit guides of the Institute of Internal Auditors. Harry Needham Director, Programs and Operations Canadian War Museum