DATA BACKUP AND RECOVERY POLICY

Transcription

1 DATA BACKUP AND RECOVERY POLICY

2 4ITP04 Revision 01 TABLE OF CONTENTS 1. REVISION RECORD PURPOSE SCOPE AND APPLICABILITY DEFINITIONS AND ABBREVIATIONS POLICY STATEMENTS PRINCIPLES REFERENCES RECORDS FLOWCHART RESPONSIBILITIES /9

3 4ITP04 Revision REVISION RECORD Revision Date (Month Details of Revision Revised by Number Year) 01 October 2016 First working document. IT Team 3/9

4 4ITP04 Revision PURPOSE Provide guidelines to ensure that data backup plans and procedures shall be in place to facilitate the normal functioning of critical IDM activities in the event of a failure or disaster. It preserve the confidentiality, Integrity and Availability (CIA) of IDM information assets. The policy also aims to manage and secure backup and restoration processes and the media employed in the process. 3. SCOPE AND APPLICABILITY This policy is applicable to all users including temporary staff, vendors, service providers and external consultants who make use of IDM s information assets. 4. DEFINITIONS AND ABBREVIATIONS i. CIA: Confidentiality, Integrity and Availability ii. Backup Media: media you back up data on to eg eternal hard drives, tapes, CDs etc iii. Information Asset: Electronic data, information, business application system, operating systems, computer equipment and other IT infrastructure. iv. Server: It is a physical computer dedicated to running one or more services to serve the needs of the of other computers on the network 5. POLICY STATEMENTS The policy set out the control conditions related to data backup activities within IDM. All types of backups as may be required shall all be made in accordance with the backup strategy. 4/9

5 4ITP04 Revision PRINCIPLES The following shall be adhered to, to comply with the policy requirements Data Backup Plan A data backup plan shall at minimum include the following; Identification of Critical data, information and software that needs to be backed up. Retention periods for backups All systems will be backed up according to the schedule below: o Incremental backup daily (Mon.-Fri.) and data located on-site. o Full backup weekly (Sat.) and data located off-site Data Backed Up Data to be backed up include the following; User data stored on the hard drive (My Documents) System state data The registry The following are systems to be backed up Mail Server File server Web server Application Servers ( SMS, Teammate, Antivirus Console) Domain Controllers Storage server Network Infrastructure (Routers and Firewall settings) Backup Cycles The standard backup cycles that IDM shall employ is daily, weekly and Monthly (Grandfathering technique). 5/9

6 4ITP04 Revision Backup Media Backup media will be transported and stored as described below: Currently all backups will be written to reusable Media will be clearly labelled and stored in a secure area that is accessible only to IT staff or employees of the contracted secure off-site media vaulting vendor used by IT. During transport or changes of media, media will not be left unattended. Daily backups will be stored on-site in a physically secured fire-proof safe located in a building separate from the Server Rooms. o Daily backups will be maintained for one week. Weekly backups will be stored in a physically secured, off-site media vaulting location maintained by a third party. o Weekly backups will be maintained for a period of three weeks. o After the period of three weeks has elapsed, the tapes will be returned to IT and will be re-used Data Retention Data retention shall follow IDM s Records and Information retention policies. Media will be retired and disposed of as described below: Prior to retirement and disposal, IT will ensure that: The media no longer contains active backup images The media s current or former contents cannot be read or recovered by an unauthorized party. With all backup media, IT will ensure the physical destruction of media prior to disposal. 6/9

7 4ITP04 Revision Backup Verification Backups will be verified periodically. On a daily basis, logged information generated from each backup job will be reviewed for the following purposes: o To check for and correct errors. o To monitor the duration of the backup job. o To optimize backup performance where possible. IT will identify problems and take corrective action to reduce any risks associated with failed backups. Random test restores will be done once a week in order to verify that backups have been successful IT will maintain records demonstrating the review of logs and test restores so as to demonstrate compliance with this policy for auditing purposes Data Recovery In the event of a catastrophic system failure, off-site backed up data will be made available to users within 3 working days if the destroyed equipment has been replaced by that time. In the event of a non-catastrophic system failure or user error, on-site backed up data will be made available to users within 1 working day Restoration Requests In the event of accidental deletion or corruption of information, requests for restoration of information will be made to the IT Manager. 6. REFERENCES IT Policy, Security Procedure, Records and Information Retention Policy 7. RECORDS Offsite Backup log-sheet, Daily Backup Log, Backup Logs, Restoration Test results 7/9

8 4ITP04 Revision FLOWCHART Hosted Solutions ERP, Payroll, ICAS, HR,Colcampus Point of Failure Daily Backup Mon-Friday Incremental Onsite Storage Weekly Backup Every Saturday Full Backup Offsite Storage Monthly Backup Fourth Weekly Backup Full Backup Off-site Storage 8/9

9 4ITP04 Revision RESPONSIBILITIES Backups and Data Recovery: IT Manager Botswana Campus T: IT Manager Swaziland Campus T: IT Manager Swaziland Campus T: IT Regional Office T: Verification IT Manager Projects T: /9