The purpose of this document is to outline the ITS departments backup policy for the computer systems in use by St Mary’s University. The policy described within this document follows industry standards for providing Disaster Recovery capabilities for St Mary’s University computer systems.
ITS is responsible under the Data Protection Act for ensuring that all personnel and identifiable data is recoverable in the event of accident loss or damage, and that all personnel and identifiable data on recoverable media is securely protected.
All computer systems designated as providing mission critical, production and development services. Computer systems will be backed up on redundant disk media and stored at a secure off-site location.
The industry standard GFS (Grandfather-Father-Son) scheme for the scheduling, rotation, and retention of backups will be implemented by ITS.
|D = Daily; W = Weekly; M = Monthly|
Backups will be kept on redundant disk media for the following durations.
All backups stored on redundant disk media will be encrypted to protect Faculty, Staff, and Student information. ITS will be responsible for ensuring that the encryption keys are kept secure.
All Daily, Weekly, and Monthly, backup media will be kept at a secure off-site location.
The secure off-site location is defined as a physical location far enough away from the St Mary’s Data Center as to be protected from a Data Center disaster. The location is safe from environmental hazards, and secure from physical access by other persons that are not members of the ITS department.
Replication of the disk backup media to and from the off-site location will occur automatically based upon the backup software’s best practice configuration. ITS staff will be responsible for ensuring that any disk replication is functioning correctly at all times.
All disk media that has been end-of-life will be either erased, or physically destroyed, and removed from backup use.
A weekly backup log will be issued to keep a report of backups, their status, which disk and tape media are used, and maintenance of the backup system.
Testing and validation will be performed annually by ITS to ensure the correctness of backups and backup media.
A random selection of computer systems will have small data sets selected from random Weekly, and Monthly, backup media to be restored in a way that will not impact production needs.
Successful restoration of data will indicate the correctness of St Mary’s Backup Procedures. Refer St Mary’s University Backup Procedures document.
Personnel and identifiable data will not be recoverable if older than a year.
The Recovery Time Objective for the restore of individual data may be up to seven business days, but not longer than seven business days.