¿Can anyone provide a layman's interpretation and view on the following issue (ideally keep your responses basic to a level of someone who has never managed backups at DB level). We have an audit related SQL express database (but the RDBMS platform is irrelevant its the concepts I am interested in) that basically logs entries about actions taken in one of our ERP apps. The data can be useful for investigations when trying to determine what activity a user took in the application.
It has recently come to our attention the audit database isn't being regularly backed up. The DBA surprisingly doesn't seem to concerned, he stated the audit logs go back 12 months, and they don't overwrite themselves, so will continue to log to the database as long as required, so he could provide logs going back to October 2012.For audit log type databases, what is the risk in not doing backups of the DB? For what scenarios does a backup of this kind of data save you? I am struggling to challenge their verdict of this being a low risk issue, it doesn't sound good practice to me.