Backups
When it comes to IT disruptions, accidental errors or deliberate attacks, backups have a crucial role to guarantee the recovery of the situation.
Backup criteria
- Backups are archived in remote locations
- Backups are encrypted in-transit and at-rest
- Backups are accessible to internal IT members
- Backups are stored for at least 1 year
- Backup procedures are tested every 6 months
- A backup inventory is kept up to date
- If the backup procedure creates interferes with service delivery, it's performed during non working hours
Backup and Restore procedure
For each service, Internal IT evaluates if there's a need of backup.
Main considerations:
- services used for test purposes can be excluded
- services that are not critical for the company can be excluded
- services that guarantee strategies of high availability and fault recovery can be excluded
For all other services, ad-hoc backup and restore procedures are defined, taking into account the acceptable risk and the importance of the data. For each of them, the following items documents are produced:
- backup procedure
- restore procedure
- backup/restore journal (who,when)