Related policies and additional references:
This policy was reviewed and updated by Information Services in SU18. Due to the nature of the policy I am recommending a review ever other year going forward.
The purpose of this document is to outline the IS departments backup policy for the computer systems in use by St Mary’s University. The policy described within this document follows industry standards for providing Disaster Recovery capabilities for St Mary’s University computer systems.
IS is responsible under the Data Protection Act for ensuring that all personnel and identifiable data is recoverable in the event of accident loss or damage, and that all personnel and identifiable data on recoverable media is securely protected.
What Will Be Backed Up
All computer systems designated as providing mission critical, production and development services. Computer systems will be backed up on redundant disk media and stored at a secure off-site location.
The industry standard GFS (Grandfather-Father-Son) scheme for the scheduling, rotation, and retention of backups will be implemented by IS.
- Daily backups will be scheduled Sunday through Friday outside of business hours.
- Weekly backups will be scheduled during each weekend outside of business hours.
- Monthly backups will be scheduled on the last day of each month outside of business hours.
- The departmental Dshare file server will have a Shadow Copy snapshot taken every four hours.
- Production Oracle databases will have their archive and redo logs backed up a minimum four times a day during business hours.
|D = Daily; W = Weekly; M = Monthly|
Retention of Backups
Backups will be kept on redundant disk media for the following durations.
- Daily backups will be kept for a minimum seven days.
- Weekly backups will be kept for five weeks.
- Monthly backups will be kept for 12 months.
All backups stored on redundant disk media will be encrypted to protect Faculty, Staff, and Student information. IS will be responsible for ensuring that the encryption keys are kept secure.
Off-site Storage of Backups
All Daily, Weekly, and Monthly, backup media will be kept at a secure off-site location.
The secure off-site location is defined as a physical location far enough away from the St Mary’s Data Center as to be protected from a Data Center disaster. The location is safe from environmental hazards, and secure from physical access by other persons that are not members of the IS department.
Replication of Disk Backup Media
Replication of the disk backup media to and from the off-site location will occur automatically based upon the backup software’s best practice configuration. IS staff will be responsible for ensuring that any disk replication is functioning correctly at all times.
Expiration of Backup Media
All disk media that has been end-of-life will be either erased, or physically destroyed, and removed from backup use.
A weekly backup log will be issued to keep a report of backups, their status, which disk and tape media are used, and maintenance of the backup system.
Testing and validation will be performed monthly by IS to ensure the correctness of backups and backup media.
A random selection of computer systems will have small data sets selected from random Weekly, and Monthly, backup media to be restored in a way that will not impact production needs.
Successful restoration of data will indicate the correctness of St Mary’s Backup Procedures. Refer St Mary’s University Backup Procedures document.
Restore Time Objective
Personnel and identifiable data will not be recoverable if older than a year.
The Recovery Time Objective for the restore of individual data may be up to seven business days, but not longer than seven business days.