Number: AC IT POL 003
Subject: Backup and Restore Policy

1. PURPOSE

The backup and restore policy establishes the need and rules for performing periodic system backup to permit timely restoration of Africa Centre information assets in the case of system malfunction, accidental deletion, intentional destruction or natural disaster.

This policy is not designed to use systems backup for the following purposes:
- To archive data for future reference
- To maintain a versioned history of data

2. SCOPE

This policy applies to all information assets stored on servers owned, leased, operated or maintained by the Africa Centre.

3. POLICY

3.1. Persons in charge
3.1.1. Each data backup process should have at least one primary person in charge and one substitute.
3.1.2. Data backup is a critical security measure; the relevant persons in charge should therefore commit in writing to adhere to this backup policy.
3.1.3. The person in charge will be responsible for the development and implementation of the backup procedures on a per-server basis as defined in section 7.1, in accordance with the best practices described in section 3.2 to section 3.10.

3.2. Frequency
3.2.1. Differential backups will be performed daily.
3.2.2. Differential backups will be saved for a full week.
3.2.3. A full systems backup will be performed weekly.
3.2.4. Weekly backups will be saved for a full month.
3.2.5. The last weekly backup of the month will be marked as a monthly backup.
3.2.6. Monthly backups will be saved for 4 months.

3.3. Storage, access and security
3.3.1. Legible, unique labels shall be placed on all backup media.
3.3.2. Daily incremental backup shall be stored in an adjacent building in a fireproof safe.
3.3.3. Monthly backup shall be stored in a secure location at least 10 km away from the server room.
3.3.4. Proper environmental controls (temperature, humidity, fire protection and a low level of electromagnetic radiation) shall be maintained at the storage location.
3.3.5. During transport or changes of media, media shall not be left unattended.
3.3.6. Read-only access to backup data is restricted to the persons in charge who have responsibility for recovering the data. Write access is granted only to the batch job creating the copy.

3.4. Backup verification
3.4.1. The backup software should capture a list of all files and directories encountered and saved to tape. Logs should contain information about successful backups, tapes that were left in place accidentally and overwritten, when and where the tapes were sent offsite, the success or failure of restore tests, and bad tapes encountered which may affect the ability to obtain files from previous backups.
3.4.2. On a daily basis, logged information generated from each backup job will be sent by email to data custodians and persons in charge and reviewed for the following purposes:
3.4.2.1. To check for and correct errors.
3.4.2.2. To monitor the duration of the backup job.
3.4.2.3. To optimize backup performance.

3.5. Testing
3.5.1. The ability to restore data from backups shall be tested at least quarterly.
3.5.2. It must at least once be proven that complete data restoration is possible (e.g. all data contained in a server must be installed on an alternative server using substitute reading equipment to the data backup writing equipment). This ensures reliable testing as to whether:
3.5.2.1. Data restoration is possible.
3.5.2.2. The data backup procedure is practicable.
3.5.2.3. There is sufficient documentation of the data backup, thus allowing a substitute to carry out the data restoration if necessary.
3.5.2.4. The time required for the data restoration meets the availability requirements.
3.5.2.5. The person in charge must maintain records demonstrating the review of logs and test restores so as to demonstrate compliance with this policy for auditing purposes.

3.6. Training
3.6.1. All persons in charge of data backup should receive adequate training on the data backup process, data restoration process, media rotation, retention and storage.
3.6.2. Regular refresher, motivation campaigns and adherence checking on data backup must be conducted.

3.7. Request for Restoration
3.7.1. Users that need files restored must submit a request to the help desk with information about the file creation date, the name of the file, the last time it was changed, and the date and time it was deleted or destroyed.

3.8. Tape Drive Cleaning
3.8.1. Tape drives shall be cleaned monthly.
3.8.2. The cleaning tape shall be changed when it reaches the maximum number of cleanings as per the manufacturer's recommendation.

3.9. Retirement and Disposal of Media
3.9.1. The date each tape was put into service shall be recorded on the tape.
3.9.2. Tapes that have been used longer than two years shall be discarded and replaced with new tapes.
3.9.3. Prior to tape retirement or reuse for another purpose, the person in charge will ensure the following:
3.9.3.1. The media no longer contains active backup images, or any active backup images have been copied to other media.
3.9.3.2. The media's current or former contents cannot be read or recovered by an unauthorized party.
3.9.4. Prior to tape disposal, the person in charge will ensure the physical destruction of the media.

4. REFERENCES

N/A

5. DEFINITIONS/ABBREVIATIONS

5.1. Backup: To back up data is to copy them to another medium so that, if the active data are lost, they can be recovered in a recent if not completely current version. Backup is primarily intended for disaster recovery, and the assumption is that in most cases the backed-up data will not be read.

5.2. Archive: To archive data is to move them to another medium for long-term storage. Archive is intended for the storage of data that do not need to be kept immediately accessible, but which may possibly be needed at some point in the future.

5.3. Restore: The process of bringing offline storage data back from the offline media and putting it on an online storage system such as a file server.

5.4. Full data backup: With this procedure, all data requiring backup are stored on an additional data medium without consideration as to whether the files have been changed since the last backup. For this reason, full data backup requires a high storage capacity. Its advantage is the simple and quick restoration of data due to the fact that only the relevant files need to be extracted from the last full data backup. If full data backups are carried out infrequently, extensive changes to a file can result in major updating requirements.

5.5. Incremental data backup: In contrast to full data backup, this procedure simply stores the files which have been changed since the last (incremental or full) backup. This saves storage capacity and shortens the time required for the data backup. The restoration time for data is generally high, as the relevant files must be extracted from backups made at different stages. Incremental data backups are always based on full data backups and should be interspersed periodically with full data backups. During restoration, the last full backup is taken as a basis which is then extended with the updates from subsequent incremental backups.

5.6. Differential data backup: This procedure stores only the files that have been changed since the last full data backup. A differential backup requires more memory space than an incremental backup, but the files can be restored more quickly and easily. For restoration of data, the last full data backup and the most recent differential backup will suffice. This is not the case with an incremental backup, since under some circumstances many data backups must be read one after the other.

6. APPENDICES

6.1. Backup procedures on a per server basis

The person in charge will document and implement backup procedures on a per server basis that define:

1. Influential factors
   - Specifying the data to be backed up
   - Data availability requirements
   - Effort required for data reconstruction without data backup
   - Data volumes
   - Modification volumes
   - Modification times
   - Deadlines
   - Confidentiality requirements
   - Integrity requirements
   - Knowledge and data processing competence of users

2. Data backup
   a. Specifications for each backup type
      - Type of data backup
      - Frequency and times of data backup
      - Number of generations
      - Tape identification
      - Responsibility for data backup
      - Storage location for backup copies
      - Reconstruction times for the existing data backup system
   b. Determining procedures of data restoration by type
   c. Identify operational reading device

Sign-off by Africa Centre data custodians and data owners

DOCUMENT CONTROL

Document Information
Document Title: Backup and Restore Policy
Version: 1.2
Status: Approved
First Issued: 2006-11-14
Maintained by: Head of IT

Revision History
Version   Date         Details
1.0       2006-11-14
1.1       2008-11-05
1.2       2010-05-30