Example of a data backup policy and procedure

March 1, 2010
By

A good backup policy starts with a clear objective such as, – The Company’s Data Backup is the responsibility of the relevant user, department manager or asset owner, who must define which data/information are to be backed up, the Recovery Point Objective (RTO) and the Retention Time (RT). The RPOs and RTs must be updated on regular basis. All backed-up data/information should be stored both locally and off-site on backup media such as, tapes and must be encrypted using adequate encryption methods.

Before proceeding further, I recommend you to try Logix Employee Monitor. A professional surveillance software, designed to monitor employees’ activities. The program contains many features to improve employee productivity and tracks and records all your employees’ computer activities and gives you remote access to this information, including typed keystrokes, visited websites, screenshots, and more.

The best way to turn any policy into practice is by defining every single step required to achieve the statement goals. The main entities mentioned in the above statement are data requirements (RTO and RT elements), data owners and users, off-site storage and security. Such statement does not define specific technical details such as, data integrity checks and jobs schedules, however, it is important to include these steps without details in your procedure. Another procedure or document would be needed to show such details. Remember, that policy statements are initiated by a member of senior management and need to be implemented by lower levels in the hierarchy of the organization. Furthermore, such procedure in the form of a flow-chart should be understandable by senior management, otherwise they would be reluctant to approve.

The procedure is divided into three main parts: the data requirements build-up, the backup strategy and checks, and the off-site backup process.

Backup procedure

Data owners request their data to be backed up whenever they deem necessary while a backup operator (IT Technician) checks with data owners the validity of the their requirements on regular basis,  depending on the business environment. The IT’s backup operator defines the backup strategy such as, job schedules and destination media for local backups and recoveries. Each and every backup job is checked for errors upon completion and the respective owner informed about the missed job. Each failed job should be recorded for auditing and problem escalation purposes. If the off-site backup media is tapes, then it is extremely important to restore some files from the previous tapes on regular basis and the same applies if the off-site media is a remote storage location such as, cloud or on-line backups providers. The backup strategy and off-site schedules vary with data criticality and with the business requirements and hence, intervals shown in the flow-chart are typical examples.

Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *