Policy Library 1 Camino Santa MariaSan Antonio, TX 78228 +1-210-436-3011 Policy Library logo William Joseph Chaminade St. Mary's University, Texas
Official policies of St. Mary's University

Data Server Backup

Approver(s):

Executive Council

Authorizes release:

Vice President for Information Services

Responsible office:

Information Technology Services

Review cycle:

Annually or as required

Adopted:

November 2012

Last update:

September 2017

Next review:

June 2018

Summary

The purpose of this document is to outline the ITS departments backup policy for the computer systems in use by St Mary’s University. The policy described within this document follows industry standards for providing Disaster Recovery capabilities for St Mary’s University computer systems.

Introduction

ITS is responsible under the Data Protection Act for ensuring that all personnel and identifiable data is recoverable in the event of accident loss or damage, and that all personnel and identifiable data on recoverable media is securely protected.

What Will Be Backed Up

All computer systems designated as providing mission critical, production and development services. Computer systems will be backed up on redundant disk media and stored at a secure off-site location.

Backup Schedules

The industry standard GFS (Grandfather-Father-Son) scheme for the scheduling, rotation, and retention of backups will be implemented by ITS.

  • Daily backups will be scheduled Sunday through Friday outside of business hours.
  • Weekly backups will be scheduled during each weekend outside of business hours.
  • Monthly backups will be scheduled on the last day of each month outside of business hours.
  • The departmental Dshare file server will have a Shadow Copy snapshot taken every four hours.
  • Production Oracle databases will have their archive and redo logs backed up a minimum four times a day during business hours.
Example of the GFS scheduling policy for a given month.
D = Daily; W = Weekly; M = Monthly
Week/Day Sun Mon Tue Wed Thu Fri Sat
1 D D D D D D W
2 D D D D D D W
3 D D D D D D W
4 D D D D D D M

Retention of Backups

Backups will be kept on redundant disk media for the following durations.

  • Daily backups will be kept for a minimum seven days.
  • Weekly backups will be kept for five weeks.
  • Monthly backups will be kept for 12 months.

Encryption

All backups stored on redundant disk media will be encrypted to protect Faculty, Staff, and Student information. ITS will be responsible for ensuring that the encryption keys are kept secure.

Off-site Storage of Backups

All Daily, Weekly, and Monthly, backup media will be kept at a secure off-site location.

The secure off-site location is defined as a physical location far enough away from the St Mary’s Data Center as to be protected from a Data Center disaster. The location is safe from environmental hazards, and secure from physical access by other persons that are not members of the ITS department.

Replication of Disk Backup Media

Replication of the disk backup media to and from the off-site location will occur automatically based upon the backup software’s best practice configuration. ITS staff will be responsible for ensuring that any disk replication is functioning correctly at all times.

Expiration of Backup Media

All disk media that has been end-of-life will be either erased, or physically destroyed, and removed from backup use.

Backup Logging

A weekly backup log will be issued to keep a report of backups, their status, which disk and tape media are used, and maintenance of the backup system.

Testing/Validation

Testing and validation will be performed annually by ITS to ensure the correctness of backups and backup media.

A random selection of computer systems will have small data sets selected from random Weekly, and Monthly, backup media to be restored in a way that will not impact production needs.

Successful restoration of data will indicate the correctness of St Mary’s Backup Procedures. Refer St Mary’s University Backup Procedures document.

Restore Time Objective

Personnel and identifiable data will not be recoverable if older than a year.

The Recovery Time Objective for the restore of individual data may be up to seven business days, but not longer than seven business days.

©2017. All rights reserved.