data backup policy
DESCRIPTION
Data Backup PolicyTRANSCRIPT
-
Data Backup PolicyBy Erik Eckel
-
Data Backup PolicyBy Erik Eckel
Copyright 2012 by CBS Interactive Inc. All rights reserved.
TechRepublic and its logo are trademarks of CBS Interactive Inc.
All other product names or services identified throughout this
book are trademarks or registered trademarks of their respective
companies.
Original Purchaser of this document may modify and redistribute
this policy and associated documents within the organization for
which it was purchased. External sale or redistribution without
prior written permission is forbidden.
Published by TechRepublic April 2012
Disclaimer
This policy is not a substitute for legal advice. If you have
legal questions related to this policy, see your lawyer.
The information contained herein has been obtained from
sources believe to be reliable. CBS Interactive Inc. disclaims all
warranties as to the accuracy, completeness, or adequacy of
such information. CBS Interactive Inc. shall have no liability for
errors, omissions, or inadequacies in the information contained
herein or for the interpretations thereof. The reader assumes sole
responsibility for the selection of these materials to achieve its
intended results. The opinions expressed herein are subject to
change without notice.
TechRepublic
1630 Lyndon Farm Court
Suite 200
Louisville, KY 40223
Online Customer Support:
http://techrepublic.custhelp.com/
Credits
Editor In Chief
Jason Hiner
Head Technology Editor
Bill Detwiler
Head Blogs Editor
Toni Bowers
Senior Editors
Mark Kaelin
Jody Gilbert
Selena Frye
Mary Weilage
Sonja Thompson
Graphic Designer
Kimberly Smith
-
Data Backup Policy
SummaryTo protect against data loss and enable business continuity in the event of a disaster, the organization must regularly
make backup copies of its electronic files, email, documents, spreadsheets, databases, CRM, financial, sales and
other systems, and application and server information. Staff members must understand exactly what information is
backed up, how many copies of the backups are kept, and how long each data backup is retained. Further, IT staff
members must decide who is responsible for administering, maintaining, monitoring, and testing backups.
ObjectiveTo define what organization data and information is backed up, when backup operations are to run, how many backup
sets are kept, how long backup sets are retained, where backup sets will be physically stored, who is responsible for
rotating backup sets, who is responsible for testing backups, and how often backup tests will be conducted.
AudienceAll users and IT department staff members are affected by this policy.
Policy PurposeThe Data Backup Policys purpose is to assist the organization and its staff members in understanding what
information is backed up, how backups are administered and maintained, and who is responsible for managing and
performing backup tasks. The policy strives to help the staff understand that data backups do not necessarily create
data archive sets. Only by ensuring that each staff member is aware that the critical data with which he or she works
is being backed up, and only by confirming that IT staff members are indeed backing up that data and maintaining
and testing those backup sets, can the organization properly protect against data loss and enable business
continuity in the event of a catastrophic event.
Data Backup SelectionsDue to the number of systems, applications, servers, and sites that the IT department must manage, it is possible
that data associated with programs or software installed by end users may not be backed up. In other cases, the
organizations IT staff may not be aware that users are storing data in specific locations or on specific systems.
To ensure that there are no misunderstandings and to prevent important data from being lost due to a disk failure,
system corruption, user error, or other event, use the Data Backup Checklist at the end of this document. The form
provides a simple method for submitting data backup requests to the technology partner responsible for managing
the organizations data backups.
Backup SchedulingThe organizations data backup operations run after hours to ensure that server and network performance are not
compromised during typical business hours. Based on the organizations unique requirements, the following backup
schedule is used:
-
Site Server name Backup method Backup type Schedule
HQ DC1 Windows NT Backup Full backups Saturdays 12 PM
HQ DC1 Windows NT Backup Incremental backups Daily 9 PM
Note: Chart examples appear as italicized text; these values should be removed prior to policy implementation.
Data Backup RetentionThe organizations backup routines are designed to protect against data loss due to failed hard disks, system
corruption, user error, and other failures and to provide business continuity in the event of a catastrophic event. Data
backups are not meant to provide ready access to archived versions of old files. Users requiring archive creation of
documents, files, and other information should request an archiving or document versioning solution from the IT team.
The organization retains backups according to the following schedule:
Site Server Backup retention
HQ DC1 One Month
Data Backup Physical StorageIT representatives are responsible for managing the organizations backup routines. Data backups are regularly
rotated to secure offsite locations. The following table specifies where data backup sets are stored:
Site Server Active backup Secondary backup
HQ DC1 External disk sits on rackmount
server in Server Room 1A
External disk stored in
basement vault
Telegraph Road FS01 HP internal tape Telegraph Road Firesafe
-
Data Backup MonitoringThe IT team is responsible for monitoring backup operations each non-holiday business day. Critical systems, as
determined by senior executives, must be monitored 24x7x365.
In the event of a backup job failure, the IT team must create a trouble ticket. The trouble ticket must specify which
servers backup job failed and list applicable error codes. As IT staff members troubleshoot and resolve the backup
error, all pertinent details should be added to the trouble ticket for tracking purposes.
Any trouble ticket tracking a backup routine that fails three days in a row must be escalated to a directors attention.
Trouble tickets tracking backup failures may be closed only after a full backup completes on the respective system.
Data Backup TestingThe IT team is responsible for testing data backups quarterly. To successfully complete testing, a traditional backup
set must recover to a second system all data the backup media is scheduled to protect. For image backups to
pass testing, the image backup must successfully boot a second system to a proper operating environment that
replicates the operations and data of the original system.
Data Backup Change ReportingOrganizations, departments, and users frequently upgrade, change, and alter critical applications, programs, and
software. As a result, original data locations and storage space allocations can change, sometimes dramatically.
Whenever system changes, software upgrades, application migrations, and/or updates are implemented, users must
complete a new Data Backup Checklist and forward the form to the IT team for processing.
-
Acknowledgment of Data Backup PolicyThis form is used to acknowledge receipt of and compliance with the companys Data Backup Policy.
ProcedureComplete the following steps:
1. Read the Data Backup Policy.
2. Sign and date this form in the spaces provided below.
3. Return this page only to the IT department manager.
SignatureBy signing below, I agree to the following terms:
(i) I have received and read a copy of the Data Backup Policy and understand and agree to the same.
(ii) I understand and agree that I will report changes affecting data backup routines in accordance with the Data
Backup Change Reporting section of this policy.
(iii) I understand and agree that I am not to disclose, share, distribute, or otherwise provide data backup sets to
any other individual.
(iv) I understand and agree to properly secure and maintain data backup sets that are entrusted to me or my
department for safekeeping.
(v) I understand that violations of the Data Backup Policy could result in termination of employment and legal
action, including civil and criminal prosecution, should I fail to maintain compliance with and/or intentionally
violate the policys provisions.
Employee Signature Employee Title
Employee Name Date
Department/Location
Disclaimer: This policy is not a substitute for legal advice. If you have legal questions related to this policy, see your
lawyer.
-
Data Backup ChecklistUse this checklist to ensure that the technology partner managing the organizations data backups continues to
back up files, folders, data, and other information as part of a regularly monitored and tested routine. Once the user
enters his or her selections, the form should be provided to the technology partner for processing.
Backup Requestor Information
Name:
Department:
Date:
Backup Selection Requests x Description Server where data resides Share where data resides Anticipated size
x Financial data //DC1 //DC1/Data/Financial 2.0 GB
CRM data
Client information
Sales data
Application database
Proprietary database
Medical data/info
Licensing information
Images
Photographs
Audio files
Videos
Web content
Social media data
Marketing material
Email database
ERP data
Accounting data
Construction files
Legal files
User share: ______
Other: ___________
Other: ___________
Other: ___________