INFORMATION GOVERNANCE POLICY: DATA BACKUP, RESTORE & FILE STORAGE HANDLING

Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007
Version 2.2 Approved by: Information Governance Group
Approval Date: 16 December 2009
Review Date: 16 December 2011
Responsible Person: Steve Ingleson, Director of Performance Management

Circumstances may arise or there may be a change in guidance (e.g. NICE or Employment Law) where changes may be required to the Policy before the planned review date. Staff are responsible for identifying this to the Policy Group via their Line Manager, who will then put in place a policy review process.

NOTE: All policies remain extant until notification of an amended policy is placed on the intranet.

Policy Name: Data Backup, Restore & File Storage Handling
Author: Carol Mitchell, Information Governance Manager
Version: 2.2
Date: December 2009

Version Control Sheet:

Version   Date      Author       Status     Comment
2.1       Sept 07   C Mitchell   Approved
2.2       Dec 09    C Mitchell   Approved   Reviewed no changes required

NHS BRADFORD AND AIREDALE

4.5 DATA BACKUP, RESTORE & FILE STORAGE HANDLING

Introduction

The purpose of this policy is to maintain the integrity and availability of information, processing and communication services. This Policy is to ensure that necessary controls are in place to protect data in the event of a hardware failure, accidental deletion or unauthorised changes.

Supporting Procedures

None

Risk Management

The risks identified under this policy include unauthorised changes to information, loss of information and inaccurate information.

1.0 Backup Cycle / Generation

1.1 IT Services are responsible for taking and securing backups for all data and software stored on servers. Users are responsible for backups of data and software held on laptops.

1.2 Data and software backups will be taken on an appropriate timely basis.

1.3 The number of copies must be adequate i.e. daily, weekly. At least three generations/cycles must be kept for important business applications.

1.4 Backup copies of data will be taken prior to any new software or changes being installed e.g. software fixes, upgrades, new releases.

1.5 The backup database will be included in the backup process.

1.6 Alternative backup arrangements should be available.

2.0 Tape / Disk Identification

2.1 Backup tapes / disks will be suitably labelled to ensure that an unauthorised person cannot identify the contents.

3.0 Checking and Recording of Backups

3.1 IT Services will maintain a record to reflect:
    - when the backup was taken
    - the serial number of the tape / disk used
    - the volume of data backed up
    - elapsed time
    - initials of person checking backup
    - comments as necessary e.g. errors

3.2 The backup copy will be verified against the original as part of the backup job.

4.0 Secure Storage of Backups

4.1 On site backup copies will be stored in a suitable location e.g. a fireproof cabinet.

4.2 Fireproof cabinets used to store backups will be serviced / checked annually.

4.3 Current backup copies will be stored off site at a secure location, at a sufficient distance to escape any damage from a disaster at the main site.

4.4 Copies of key master software will be stored off site.

4.5 Procedures will be established for emergency access to off site storage.

4.6 Backup copies will be transported to off site storage securely.

4.7 Periodic audits of backup copies and storage locations will be undertaken.

4.8 Long term storage will be reviewed annually where appropriate.

4.9 Long term storage media will be rotated and checked for reliability and errors.

5.0 Restores

5.1 Backup copies will be regularly tested where practicable to ensure that they can be relied upon for emergency use when necessary.

5.2 Restore procedures will be regularly checked and tested to ensure that they are effective and that they can be completed within the time allocated in the recovery procedures.

5.3 Restores will be authorised and documented.

6.0 Review

6.1 The frequency and content of backups will be reviewed to ensure that they are adequate.

6.2 Long term backup copies will be reviewed to:
    - confirm the need
    - ensure reliability of copies

7.0 Documentation

7.1 Backup procedures will be documented and should include:
    - responsibility for backups including a nominated deputy
    - what is backed up
    - frequency and time of backup

7.2 Restore procedures will be documented and should include:
    - clearly identified responsibilities
    - control checks and recording
    - plans for testing of the restore process to reflect how, frequency, sign off process etc.

7.3 A copy of the backup and restore procedures will be stored off site.

8.0 Staff awareness

8.1 Users will be advised that:
    - data should not be held on local drives
    - a copy of data stored on portable equipment e.g. laptops must be taken regularly
    - backup copies must be stored securely and where appropriate stored off site

9.0 Legal Requirements

9.1 The retention and use of backup copies of data must be in compliance with legal requirements.

10.0 File Storage Handling and Security

10.1 Where necessary and practical, authorisation will be required for all copies of data removed from the tpct and a record must be maintained.

10.2 Where no longer required, the previous content of any re-usable file storage media that are to be removed from the tpct will be erased.

10.3 All file storage media will be stored in a safe, secure environment, in accordance with manufacturer's specifications.

10.4 Procedures will be established to ensure that file storage media containing sensitive information are disposed of securely and safely. (see Information Governance Website)

10.5 System documentation will be stored securely and access to it must be kept to a minimum and controlled by the application owner.