COMMERCIALISM INTEGRITY STEWARDSHIP. Back-up Policy & Guidance




Back-up Policy & Guidance

Document Control

Document Details

Author: Adrian Last
Company Name: The Crown Estate
Division Name: Information Services
Document Name: Back Up Policy
Version Date: 10/10/12
Effective Date: 1 November 2012
Issue: THREE
Review Date: October 2013

May 2007

Change Record

Modified Date | Author | Version | Description of Changes
14/05/2010 | Clare Kelly | 1.1 | Incorporates comments by ZH, TB, CK and NS
04/05/2011 | Roberta McCaughan | 1.2 |
10/05/2011 | S Smith | 1.3 | Review for Service Desk
13/07/2011 | S Smith | 1.4 | Change made to 4.1. See ISMS 2011 Audit Action List for information.
21/07/2011 | S Smith | 1.5 | Change made to 4.2. See ISMS 2011 Audit Action List for information
10/08/11 | A R Last | 1.6 | Final review
10/10/12 | A R Last | 1.7 | Annual review

Stakeholder Sign off

Name | Position | Signature | Date
Nigel Spencer | Information Services Manager | | July 2011
Clare Kelly | IT Support Manager | | July 2011
Nigel Spencer | Head of IS | | October 2012

Security Sign-off

Name | Position | Signature | Date
Adrian Last | Business Support Manager | | August 2011
Adrian Last | ISMS Manager | | October 2012

Table of Contents

1. Purpose
2. Scope
3. Policy
   3.1. Policy Statement
   3.2. Policy Objectives
   3.3. Policy Overview
   3.4. Policy Maintenance
4. Policy Requirements
   4.1. Build Documentation
   4.2. Server Imaging
   4.3. Identification of Data for Back-up
   4.4. Back-up Schedules
   4.5. Restoration
   4.6. Software Compatibility
   4.7. Back-up Retention
   4.8. Media Storage
   4.9. Reporting Security Incidents
   4.10. Business Continuity
   4.11. User Awareness
5. Disciplinary Process
6. Deviations from Policy
7. Glossary of Terms
Appendix A - List related documents, procedures and processes

1. Purpose

The purpose of this policy is to ensure that The Crown Estate's electronic information resources are backed-up at scheduled intervals to suitably secure storage media in order to facilitate the restoration of all or part of those information resources in the event of loss or corruption of the original data.

2. Scope

The scope of this policy applies to:

- Any of The Crown Estate's premises where electronic information is stored; and
- Information system resources, including data networks and servers located at The Crown Estate and non-Crown Estate locations, where these systems are under the jurisdiction and/or ownership of The Crown Estate, and any servers authorised to access The Crown Estate's data networks.

Out of Scope: The Crown Estate is not responsible for backing up non-Crown Estate machines. The Crown Estate IT Service Desk also does not back up PCs or laptops. Users should always save data to servers, i.e. data on users' laptops and PCs is their own responsibility. It should be noted that personal drives on individual PCs and laptops will not be backed-up. Only data stored on corporate servers is subject to this Policy.

3. Policy

3.1. Policy Statement

The Crown Estate's information system resources are assets important to The Crown Estate's business and stakeholders and its dependency on these assets demands that appropriate levels of information security be instituted and maintained. It is The Crown Estate's policy that appropriate back-up measures are implemented to protect its information system resources from loss or corruption, and to maintain appropriate levels of confidentiality, integrity and availability of such information system resources.

3.2. Policy Objectives

The objectives of this policy with regard to the protection of information system resources against loss or corruption are to:

- Minimise the threat posed by the potential loss or corruption of electronic information owned by The Crown Estate or temporarily entrusted to it; and
- Minimise reputation exposure, which may result from the loss or corruption of The Crown Estate's electronic information resources.

3.3. Policy Overview

The Crown Estate information system resources are important business assets that are vulnerable to loss or corruption due to technical failure, human error or malicious attack. It is therefore essential to ensure that verified back-ups are taken in order to be able to restore lost or corrupted data to its original state at a specified point in time.

3.4. Policy Maintenance

Supporting standards, guidelines and procedures will be issued on an on-going basis by The Crown Estate. Users will be informed of any subsequent changes or updated versions of such standards, guidelines and procedures by way of e-mail or other relevant communication media. Users shall then have the obligation to obtain the current information systems policies from The Crown Estate intranet (i-site) or other relevant communication media on an on-going basis and accept the terms and conditions contained therein.

4. Policy Requirements

The Crown Estate's information system resources shall be backed-up at scheduled intervals in order to provide assurance of restoration in the event of loss or corruption of data and for business continuity planning purposes.

4.1. Build Documentation

The IT Service Desk will document and build processes and test recovery routines to mitigate risks of data loss.

4.2. Server Imaging

Where appropriate, disk images will be taken and stored in order to provide for the most rapid restoration of mission-critical servers to a known state. The IT Service Desk will document build processes and test recovery routines to mitigate risks of data loss.

4.3. Identification of Data for Back-up

Data will only be backed up when requested via a Back-up Application form sent to the IT Service Desk, along with a Request for Service (RFS). No assumption should be made that data is being backed up unless a Back-up Application form has been completed and acknowledged. Emergency or special back-ups may be requested by contacting the IT Service Desk in writing.

4.4. Back-up Schedules

The production environment must not be impacted by the running of back-up jobs. All back-ups must be created, scheduled and run according to the performance and availability requirements of the environment.

Back-ups are scheduled as one of the following:

- Daily
- Weekly
- Monthly
- Annual (both calendar year-end in December and financial year end in March)
- Archive
- Once-off

According to standard definitions of terms, back-ups are determined as:

- Full
- Differential
- Incremental

Back-up logs will be reviewed daily by the IT Support Team and failures logged by the IT Service Desk for onward investigation. Tests will be conducted to investigate the cause of back-up failures and action taken accordingly to prevent recurrence.

4.5. Restoration

Test restorations will be conducted by the IT Support Team at regular intervals using a disparate cross-section of application types to ensure that back-ups are working correctly and that restorations can be successfully executed.

Requests for restoration of live systems must be logged with the IT Service Desk. Requests for full system restores must be accompanied by a high priority call and Change Control Approval.

Where possible, restores are made initially to an alternate location, and then copied to the live location following verification. Where restoration is to a live system and the system is not terminally corrupt, the existence of a suitably-recent back-up is confirmed in case the restoration fails. Where no suitably-recent backup exists, a back-up is taken first. Users will be notified of the outcome of the restore.

4.6. Software Compatibility

A secure library of application software versions will be maintained for as long as corresponding back-ups are retained in order to ensure that a compatible version of the software will be available for use if the need arises to restore an application to a pre-upgrade state.

4.7. Back-up Retention

Back-ups are retained in accordance with the following periods of time:

Back-up Schedule | Retention Period
Daily | Minimum 1 month
Weekly | Minimum 2 months
Monthly | Minimum 3 months
Annual | 6 years
Archive | Indefinite
Once-off | As requested

4.8. Media Storage

Back-up tapes are collected and stored offsite by an appropriately-resourced third party contractor. Tapes held temporarily onsite are stored in a controlled, secure environment.

4.9. Reporting Security Incidents

All security incidents, including significant back-up or restoration failures, should be reported immediately to the IT Service Desk.

4.10. Business Continuity

Business continuity plans shall include provision for the restoration of information resources from back-ups. This document is supported and guided by the Business Continuity Plan for IS.

4.11. User Awareness

Users shall be made aware of this Policy and all its provisions.

5. Disciplinary Process

The Crown Estate reserves the right to audit compliance with the policy from time to time. Any disciplinary action, arising from breach of this policy, shall be taken in accordance with The Crown Estate's Rules and Disciplinary Code as amended from time to time. Disciplinary action may ultimately lead to dismissal.

6. Deviations from Policy

Unless specifically approved, any deviation from this policy is strictly prohibited. Any deviation to or non-compliance with this policy shall be reported to the ISMS Manager or Head of IS.

7. Glossary of Terms

The terms used in this policy document are to be found in the ISMS Glossary of Terms. In particular, a back-up is defined as a copy of a specified subset of The Crown Estate's electronic information resources.

Appendix A - List related documents, procedures and processes

- Backup Checklist Procedure
- Backup and Recovery Process
- Business Continuity Planning Policy/Procedure
- Disaster Recovery Policy/Procedure
- Business Continuity Plan for Information Systems Department
- The Crown Estate's Rules and Disciplinary Code