Data Backup PolicyBy Erik Eckel

Data Backup PolicyBy Erik Eckel

Copyright 2012 by CBS Interactive Inc. All rights reserved.

TechRepublic and its logo are trademarks of CBS Interactive Inc.

All other product names or services identified throughout this

book are trademarks or registered trademarks of their respective

companies.

Original Purchaser of this document may modify and redistribute

this policy and associated documents within the organization for

which it was purchased. External sale or redistribution without

prior written permission is forbidden.

Published by TechRepublic April 2012

Disclaimer

This policy is not a substitute for legal advice. If you have

legal questions related to this policy, see your lawyer.

The information contained herein has been obtained from

sources believe to be reliable. CBS Interactive Inc. disclaims all

warranties as to the accuracy, completeness, or adequacy of

such information. CBS Interactive Inc. shall have no liability for

errors, omissions, or inadequacies in the information contained

herein or for the interpretations thereof. The reader assumes sole

responsibility for the selection of these materials to achieve its

intended results. The opinions expressed herein are subject to

change without notice.

TechRepublic

1630 Lyndon Farm Court

Suite 200

Louisville, KY 40223

Online Customer Support:

http://techrepublic.custhelp.com/

Credits

Editor In Chief

Jason Hiner

Head Technology Editor

Bill Detwiler

Head Blogs Editor

Toni Bowers

Senior Editors

Mark Kaelin

Jody Gilbert

Selena Frye

Mary Weilage

Sonja Thompson

Graphic Designer

Kimberly Smith

Data Backup Policy

SummaryTo protect against data loss and enable business continuity in the event of a disaster, the organization must regularly

make backup copies of its electronic files, email, documents, spreadsheets, databases, CRM, financial, sales and

other systems, and application and server information. Staff members must understand exactly what information is

backed up, how many copies of the backups are kept, and how long each data backup is retained. Further, IT staff

members must decide who is responsible for administering, maintaining, monitoring, and testing backups.

ObjectiveTo define what organization data and information is backed up, when backup operations are to run, how many backup

sets are kept, how long backup sets are retained, where backup sets will be physically stored, who is responsible for

rotating backup sets, who is responsible for testing backups, and how often backup tests will be conducted.

AudienceAll users and IT department staff members are affected by this policy.

Policy PurposeThe Data Backup Policys purpose is to assist the organization and its staff members in understanding what

information is backed up, how backups are administered and maintained, and who is responsible for managing and

performing backup tasks. The policy strives to help the staff understand that data backups do not necessarily create

data archive sets. Only by ensuring that each staff member is aware that the critical data with which he or she works

is being backed up, and only by confirming that IT staff members are indeed backing up that data and maintaining

and testing those backup sets, can the organization properly protect against data loss and enable business

continuity in the event of a catastrophic event.

Data Backup SelectionsDue to the number of systems, applications, servers, and sites that the IT department must manage, it is possible

that data associated with programs or software installed by end users may not be backed up. In other cases, the

organizations IT staff may not be aware that users are storing data in specific locations or on specific systems.

To ensure that there are no misunderstandings and to prevent important data from being lost due to a disk failure,

system corruption, user error, or other event, use the Data Backup Checklist at the end of this document. The form

provides a simple method for submitting data backup requests to the technology partner responsible for managing

the organizations data backups.

Backup SchedulingThe organizations data backup operations run after hours to ensure that server and network performance are not

compromised during typical business hours. Based on the organizations unique requirements, the following backup

schedule is used:

Site Server name Backup method Backup type Schedule

HQ DC1 Windows NT Backup Full backups Saturdays 12 PM

HQ DC1 Windows NT Backup Incremental backups Daily 9 PM

Note: Chart examples appear as italicized text; these values should be removed prior to policy implementation.

Data Backup RetentionThe organizations backup routines are designed to protect against data loss due to failed hard disks, system

corruption, user error, and other failures and to provide business continuity in the event of a catastrophic event. Data

backups are not meant to provide ready access to archived versions of old files. Users requiring archive creation of

documents, files, and other information should request an archiving or document versioning solution from the IT team.

The organization retains backups according to the following schedule:

Site Server Backup retention

HQ DC1 One Month

Data Backup Physical StorageIT representatives are responsible for managing the organizations backup routines. Data backups are regularly

rotated to secure offsite locations. The following table specifies where data backup sets are stored:

Site Server Active backup Secondary backup

HQ DC1 External disk sits on rackmount

server in Server Room 1A

External disk stored in

basement vault

Telegraph Road FS01 HP internal tape Telegraph Road Firesafe

Data Backup MonitoringThe IT team is responsible for monitoring backup operations each non-holiday business day. Critical systems, as

determined by senior executives, must be monitored 24x7x365.

In the event of a backup job failure, the IT team must create a trouble ticket. The trouble ticket must specify which

servers backup job failed and list applicable error codes. As IT staff members troubleshoot and resolve the backup

error, all pertinent details should be added to the trouble ticket for tracking purposes.

Any trouble ticket tracking a backup routine that fails three days in a row must be escalated to a directors attention.

Trouble tickets tracking backup failures may be closed only after a full backup completes on the respective system.

Data Backup TestingThe IT team is responsible for testing data backups quarterly. To successfully complete testing, a traditional backup

set must recover to a second system all data the backup media is scheduled to protect. For image backups to

pass testing, the image backup must successfully boot a second system to a proper operating environment that

replicates the operations and data of the original system.

Data Backup Change ReportingOrganizations, departments, and users frequently upgrade, change, and alter critical applications, programs, and

software. As a result, original data locations and storage space allocations can change, sometimes dramatically.

Whenever system changes, software upgrades, application migrations, and/or updates are implemented, users must

complete a new Data Backup Checklist and forward the form to the IT team for processing.

Acknowledgment of Data Backup PolicyThis form is used to acknowledge receipt of and compliance with the companys Data Backup Policy.

ProcedureComplete the following steps:

1. Read the Data Backup Policy.

2. Sign and date this form in the spaces provided below.

3. Return this page only to the IT department manager.

SignatureBy signing below, I agree to the following terms:

(i) I have received and read a copy of the Data Backup Policy and understand and agree to the same.

(ii) I understand and agree that I will report changes affecting data backup routines in accordance with the Data

Backup Change Reporting section of this policy.

(iii) I understand and agree that I am not to disclose, share, distribute, or otherwise provide data backup sets to

any other individual.

(iv) I understand and agree to properly secure and maintain data backup sets that are entrusted to me or my

department for safekeeping.

(v) I understand that violations of the Data Backup Policy could result in termination of employment and legal

action, including civil and criminal prosecution, should I fail to maintain compliance with and/or intentionally

violate the policys provisions.

Employee Signature Employee Title

Employee Name Date

Department/Location

Disclaimer: This policy is not a substitute for legal advice. If you have legal questions related to this policy, see your

lawyer.

Data Backup ChecklistUse this checklist to ensure that the technology partner managing the organizations data backups continues to

back up files, folders, data, and other information as part of a regularly monitored and tested routine. Once the user

enters his or her selections, the form should be provided to the technology partner for processing.

Backup Requestor Information

Name:

Department:

Date:

Backup Selection Requests x Description Server where data resides Share where data resides Anticipated size

x Financial data //DC1 //DC1/Data/Financial 2.0 GB

CRM data

Client information

Sales data

Application database

Proprietary database

Medical data/info

Licensing information

Images

Photographs

Audio files

Videos

Web content

Social media data

Marketing material

Email database

ERP data

Accounting data

Construction files

Legal files

User share: ______

Other: ___________

Other: ___________

Other: ___________