Systems and computers fail periodically. Vital records, systems and work products may be irretrievably lost if they have only been stored on the failed computer or computer system. The resulting frustrations, lack of productivity and cost are a few of the consequences. This policy is designed to prevent such occurrences by having alternative locations for these systems and data, so they can be restored.
Data backup is the process of copying, storing, restoring and recovering computer data, in whatever format it may be in.
The purpose of data backup is as follows:
The purpose of this policy is to provide a consistent framework to apply to the backup process. The policy will provide specific information to ensure backups are available and useful when needed – whether to simply recover a specific file or when a larger-scale recovery effort is needed.
This policy applies to all data stored on (Organization) systems, on all computers, both laptops and desktops, on all servers owned by (Organization), and on any other electronic devices that have storage capacity and contain relevant data.
(Organization) must identify what data is most critical. This can be done through a formal data classification process or through an informal review of information assets. Regardless of the method, critical data should be identified so that it can be given the highest priority during the backup process.
When stored onsite, backup media must be stored in a fireproof container in an access-controlled area.
Geographic separation (sufficient distance) between the backups and the main site must be maintained, to some degree, to protect against fire, flood, or other regional or large-scale catastrophes, so that the backups escape any damage from a disaster at the main site.
When moved offsite, backup media should be reasonably secured from theft or fire, and should be stored in a hardened, access-controlled, secure facility that uses accepted methods of environmental controls, to ensure the integrity of the backup media.
Online backups are allowable if the service meets the criteria specified herein.
Backup Frequency/Procedure
Backups shall be carried out at regular intervals.
Backup frequency is critical to successful data recovery. (Organization) has to determine a backup schedule for sufficient data recovery in the event of an incident, while avoiding an undue burden on the users, network, and backup administrator.
All staff are reminded that they are individually responsible for data held locally on their desktop or laptop computer and all critical data must be stored on the backup media used at (Organization).
The necessary level of back-up information should be defined.
The data restoration procedures must be tested and documented. Documentation should include exactly who is responsible for the restore, how it is performed, under what circumstances it is to be performed, and how long it should take from request to restoration. It is extremely important that the procedures are clear and concise, so that they are not misinterpreted by readers other than the backup administrator and do not cause confusion during a time of crisis.
(Organization) should determine the time required for backup retention, and what number of stored copies of backed-up data is sufficient to effectively mitigate risk while preserving required data.
Backup copies must be maintained in accordance with the Retention and Disposal Schedule for backup copies. The schedule will determine the status of the information, as to whether it can be disposed of, cycled back into production or remain in archive storage.
Backup date / Resource name / type of backup method (Full/Incremental).
Physical and logical movement of backup copies shall refer to:
The request for stored data must be approved by an authorized person nominated by a Director/Manager in the appropriate department. Requests for stored data must include:
Restoration procedures should be regularly checked and tested to ensure that they are effective and that they can be completed within the time allotted in the operational procedures for recovery, with a report on their ability to recover data.
Backup media should be regularly tested to ensure that they can be relied upon for emergency use when necessary.
Backup restores must be tested when any change is made that may affect the backup system.
On a daily basis, log information generated from each backup job will be reviewed for the following purposes:
Backup media in transit and in storage shall be protected from unauthorized access, misuse or corruption, including sufficient protection to avoid any physical damage arising during transit and storage. All personnel responsible for data backup processing shall have:
Where special controls are required, i.e. to protect sensitive or critical information, the following should be considered:
All backup media shall be appropriately disposed of. Media will be retired and disposed of as described below:
Certain types of backup media have a limited functional lifespan. After a certain time in service the media can no longer be considered dependable. When backup media is put into service the date must be recorded on the media. The media must then be retired from service after its time in use exceeds manufacturer specifications.
Authority Membership