Whether it’s a natural disaster or ransomware, how you should prepare for threats to your data is always the same: You need a cloud backup checklist before data loss happens, and a data recovery checklist for when it does.

It bears repeating that it’s never a question of if disaster will occur, but when, and you’ll lessen the impact of any data loss by planning and taking preventative steps. You’ll also bounce back from a disruption to your business a lot quicker if you have a plan of action in place that enables your team and your managed cloud backup service provider to mobilize quickly when disaster strikes.

Some steps can’t be taken until data loss occurs, but there are some key things you should do—and regularly revisit—to quickly recover in the event of a disaster.

Set a recovery time objective (RTO): It’s not enough to get back up and running. When you lose data, applications become unavailable, so the clock is ticking. An RTO is gives you a deadline as to how long you can go without an application and decides how much time it will take to recover from your cloud backup after the disaster strikes. Ideally, it’s before your customers even notice.

Set a recovery point objective (RPO): Similarly, you want to focus your recovery efforts on the data you need the most. An RPO defines how much data you can afford to lose in an outage scenario. By setting an RPO, you can decide how frequently application data must be backed up, and prioritize what data is recovered first in the event of disaster.

Understand application interaction: It’s essential you understand the data dependencies of an application, as well as the other applications they depend on. The loss of just one could potentially disrupt your entire business. By understanding application interdependencies, you can group them together and ensure all connected applications and their data safeguarded equally to your cloud backup.

Test, test and test again: You just can’t set a data backup procedure and forget it. It’s important to test it regularly. Run a series of “fire drills” to be certain that you can in fact completely recover all data and applications as determined by your RPOs and RTOs. Always monitor to make backup and replication processes are taking place, and that your destination storage media is operating.

Secure and strengthen your network: Backing up data and applications depends on your WAN bandwidth as well as its security. Be sure you can move the data you need to fast, from primary systems to backup—both onsite and to your cloud provider. By employing deduplication, you can reduce the pressure on your networking and storage resources because you’re moving data you need to. Meanwhile, make sure data is encrypted when in transit and at a rest.

Put it on paper: It’s important to document your business continuity plan, including your backup processes. In the event of data loss want, you want to make sure you’ve got a hard copy on hand as your digital one could be potentially lost during a disaster. And just as you should be regularly testing your cloud backup, you should be revising your plan regularly to consider new applications and interdependencies.

Train your team: Your data recovery process is only as good as the people executing it. Be sure you educate personnel, so they understand the tools needed to restore your primary systems from cloud backup, and have well-defined responsibilities for everyone involved, including those at your cloud backup provider.

Diversify storage: As much as you want to streamline and simplify your backup, make sure you don’t put all your eggs in one basket. Having off-premise cloud backup reduces cost and risk but be sure your cloud backup service provider has adequate redundancy. Also, you want to consider backup media that’s not on the network to prevent falling prey to ransomware.

Having checklist in place before and after data loss happens can mean the difference between quickly bouncing back from disruption to your business rather than not being able to stay in business.