by Anonymous (not verified)
Backup policy

Objective: Ensure security and protection of university information and digital systems through periodic, secure data backups and effective retrieval.

Scope: All backed-up information, including electronic/non-electronic documents, databases, email, software, hardware, and storage media.

University Duties:

  • Software/Equipment: Use appropriate backup systems and tools.
  • Procedures: Establish clear backup procedures and instructions.
  • External Contracts: Exercise caution when dealing with external backup services.
  • External Storage: Define clear mechanisms for external storage locations.

System Manager Duties:

  • Permissions: Manage access permissions for backup processes.
  • Monitoring/Retrieval: Monitor backup processes and ensure correct data retrieval.
  • Encryption: Encrypt backup data according to classification policies.
  • Geographic Scheduling: Distribute backups locally and regionally based on data sensitivity.
  • Reporting: Submit periodic backup reports to management.

Information Security Manager Duties:

  • Evaluation: Conduct periodic tests to ensure data integrity and evaluate security risks.

User Duties:

  • Designated Locations: Save data to designated servers for backups.
  • Retrieval Requests: Submit official retrieval requests through the system administrator.

Detailed Simulation:

  • Acceptable Policy:
    • Automatic daily backups to multiple locations (internal/external).
    • Strong data encryption (AES-256).
    • Controlled access permissions with 2FA.
    • Scheduled backups without impacting peak usage.
    • Regular recovery testing and documentation.
    • Periodic status reports to management.
    • Result: Rapid data recovery, secure backups, successful recovery tests.
  • Unacceptable Policy:
    • Random, irregular backups.
    • No data encryption.
    • No external storage.
    • Unrestricted access to backups.
    • No recovery testing.
    • Lack of reporting and monitoring.
    • Result: Data loss, potential data leaks, delayed or impossible recovery.

Key Differences:

  • Acceptable: Organized, secure backups with schedules, encryption, and testing.
  • Unacceptable: Disorganized, lacking security measures, vulnerable to data loss.

Conclusion:

  • Proper backup policy implementation is crucial for data preservation and recovery.

Read more articles

External contracting policy at the university
Newer
External contracting policy at the university
Network security policy
Older
Network security policy
University Presidency
Anonymous (not verified)
1
min read
A- A+