IT BACKUP POLICY

PURPOSE

Brock University requires its data and systems to be backed up and the backup media (both tape and disk) be stored in a secure manner. This Policy aims to protect data and systems at Brock to ensure that they can be reliably recovered if required. This Policy also addresses recovery of data accidentally deleted by users, which is on a best effort basis.

SCOPE

This Policy applies to all University electronic data stored on all IT-managed applications and systems.

POLICY STATEMENT

Brock University systems must be regularly backed up and the backups must be restorable. The standard backup interval is once per day. Data owners may request a change to this interval for their data via a support request to the Information Technology Services Help Desk.

- Backup media must be stored off site.
- Backup media must be protected from physical and environmental damage (e.g., fire, water, dust, etc.).
- Backup media must be secured through controlled access.
- A current inventory of all offsite backup media must be maintained.
- An annual physical inventory, including offsite media, must be performed and the results reviewed by the Director, IT Infrastructure.
- Data no longer required must be removed from backup media in a manner that prevents the data from being read.

The Standards for Backup support this Policy with detailed backup requirements which must be complied with.

DEFINITIONS

Data Backup: A periodic copy of data to either disk and/or tape for the purpose of being able to restore data in case of data loss.

Data Restore: A process to copy backup files from secondary media to return data to its original condition.

COMPLIANCE AND REPORTING

ITS enforces this Policy and the related Standards at all times. Anyone who has reason to suspect a deliberate and/or significant violation of this Policy is encouraged to promptly report it to the Information Technology Services (ITS) Help Desk.

Policy violations that come to the attention of the ITS Help Desk will be escalated to the Director, Infrastructure. Policy violations will be assessed and action taken to remediate the violation subject to collective agreements and/or other contractual conditions. Where Policy violations are considered severe and/or cannot be easily remediated, the incident will be escalated to the AVP, ITS for further action. Periodically, the AVP, ITS will provide to SAC a summary of all policy violations.

Policy owner: Associate Vice-President, Information Technology Services
Authorized by: Board of Trustees, Capital Infrastructure Committee
Accepted by: SAC
Effective date: March 2016
Next review: March 2017
Revision history: New
Related documents: Standards for Backup

Brock University
Version 0.9
Prepared By: Sergio Sartor, Andreas Paulisch, Allan Surrey, Brad Saxton

Contents

1. Revisions
   i. Document Editors
   ii. Document Reviewers
   iii. Intended Audience
   iv. References and Related Documents
1. Purpose
2. Requirements
   2.1 Backup Media
   2.2 Backup Methodology
   2.3 Data Identification
   2.4 Additional Backups
   2.5 Backup Testing
   2.6 Off Site Storage
   2.7 Destruction of Data
   2.8 Backup Inventory
   2.9 Network Backup
   2.10 Backup Monitoring
3. Data Backup Environment
   3.1 Server Backups
   3.2 Database Backups
4. Data Backup Definitions
5. Appendix 1: Backup Server Details

1. Revisions

| Version | Primary Author(s) | Description of Version | Date |
|---|---|---|---|
| 0.5 | Various | Initial implementation | November 25, 2014 |
| 0.7 | Al Surrey & Sergio Sartor | Updated based on internal ITS feedback. | December 9, 2014 |

i. Document Editors

| Reviewer | Section(s) |
|---|---|

ii. Document Reviewers

| Reviewer | Section(s) |
|---|---|

iii. Intended Audience

This document is intended for all users and administrators of Data Backup media and systems at Brock University.

iv. References and Related Documents

| Version | Title | Document Location | Date Accessed (mm/dd/yyyy) |
|---|---|---|---|

1. Purpose

The purpose of this document is to support and outline in detail the requirements of the IT Backup Policy. These requirements are mandatory and must be adhered to by all data custodians and backup administrators.

2. Requirements

2.1 Backup Media

- Backup media include either tape or disk.
- External hard drives and thumb drives are not considered reliable backup media and therefore must NOT be used as primary backup media.
- Backup tapes must have a lifespan of no more than five (5) years.
- Tapes less than 5 years old will be recycled.
- Tapes more than 5 years old will be destroyed.
- Tapes no longer required will be destroyed.
- Backup media will be identifiable as belonging to Brock University.
- Tapes must be appropriately labelled and include the date the tape was put into service.

2.2 Backup Methodology

- Backups must be automated.
- Backups must be performed on a scheduled basis to meet specific recovery time objective (RTO) and recovery point objective (RPO) parameters set by the data owners (see Backup Definitions for RTO and RPO definitions).
- If no specific RTO or RPO is defined, data is considered recoverable with an RPO of twenty-four (24) hours (once per day).

2.3 Data Identification

It is the responsibility of the data owner to identify data that is critical and needs to be backed up. This identification is captured as requirements during the implementation cycle of a system or service. Changes to this can be made by the data owner via a service request at the Information Technology Services (ITS) Help Desk.

Data and files NOT stored in centrally managed shared drives (e.g., My Documents) are not backed up.

2.4 Additional Backups

Data or system backups that are required outside of the standard backup schedule can be requested via a service request at the ITS Help Desk.

2.5 Backup Testing

- Backup schedules must be developed for all new systems and the restore must be tested prior to putting into production.
- Existing systems must be tested on a periodic basis to ensure backups are reliable.
- A log of these tests must be maintained by the backup administrator showing last test and restore dates.
- Logs must be retained for a minimum of three years.
- Logs must be reviewed annually by the Director, IT Infrastructure, with physical evidence (e.g., signoff) of review.

2.6 Off Site Storage

- At least one copy of a data backup must be kept in a location at least 50 meters from the physical location of the system the backup was performed on.
- This site must be secure and a log of entry maintained.
- Logs must be retained for a minimum of one (1) year.
- Access permissions to the secure location must be reviewed annually by the Director, IT Infrastructure, with physical evidence (e.g., signoff) of review.
- During transport of backup media to the off-site storage location, the media in transit must not be left unattended and must be secured at all times.

2.7 Destruction of Data

- Recycled media may be overwritten and reused.
- Retired media must be destroyed so it is unreadable and cannot be accessed.

2.8 Backup Inventory

- An inventory of all removable backup media must be maintained by the backup administrator showing the identification of media and systems associated with the media set.
- A physical inventory of removable backup media must be conducted annually. Exceptions must be identified and investigated. The results must be reviewed and signed off by the Director, IT Infrastructure.

2.9 Network Backup

- A log of current network devices and their configurations must be maintained to aid in recovery of the devices to their most recent state if required.
- It is the responsibility of the network administrators to maintain this log and a backup copy.
- The log must be reviewed annually for completeness and accuracy, with exceptions identified and investigated by the network administrator. The results must be reviewed and signed off by the Director, IT Infrastructure.

2.10 Backup Monitoring

- The backup log must be reviewed daily during business hours (Monday - Friday) by the backup administrators to identify exceptions / failures.
- In the event of a backup failure, the failure must be assessed for severity by the backup administrator and, if deemed critical, an IT service desk ticket created.
- A determination will be made on the cause of the failure and the next appropriate window of opportunity identified to restart the backup.
- The ticket will be closed once a successful backup has been completed.

3. Backup Environment

3.1 Server Backups

All Brock University system and data backups must be performed using backup software that meets the standards for data backup as defined in this document. This includes Microsoft System Center Data Protection Manager (DPM) for Windows systems and EMC Networker Software for Linux systems.

3.2 Database Backups

Database backups are used for data recoveries and may be used in conjunction with a system level backup. A typical database backup is configured as follows:

- SQL Server databases for critical applications are backed up using Idera backup software nightly to a local disk and a network disk.
- Network database disk backups are backed up by DPM.
- Database logs are created every 10 minutes to disk.
- Partial data recoveries can be made by IDERA and DPM (when a local copy is not available).

4. Backup Definitions

Protection Group: A protection group is a collection of data sources that share the same protection configurations and settings.

Recovery Point Objective (RPO): The age of files that must be recovered from backup storage for normal operations to resume if a failure occurs.

Recovery Time Objective (RTO): The targeted duration of time within which a business process must be restored after a disruption to avoid unacceptable consequences.

Replica: System Center Data Protection Manager (DPM) creates a replica of the data on its own storage subsystem. This happens on a set schedule and is called a replica.

Synchronization: Synchronization is the process by which DPM transfers data changes from a system to a server and then applies the changes to the replica. It relies on synchronization to keep the replicas synchronized with live data.

Synchronization Frequency: DPM allows a synchronization frequency level interval anywhere from 15 minutes to 24 hours.

5. Appendix 1: Backup Server Details

| Server Name | Backup Software | Version | Total Disk Storage | Tapes | Tape Drives | Agents |
|---|---|---|---|---|---|---|
| NOAH | Microsoft System Center 2012 Data Protection Manager | 4.1.3453.0 | 20TB | 220 | 2 | 49 |
| CUBIT | Microsoft System Center 2012 Data Protection Manager | 4.2.1254.0 | 37TB | 70 | 2 | 24 |
| CITS-ARK | Microsoft System Center 2012 Data Protection Manager | 4.2.1273.0 | 22TB | 220 | 2 | 49 |