Policy
Policy Name
Information Backup and Restoration Policy

Overview
Information (to include tape) backup and restoration is the process of ensuring system and application availability by backing up key information onto physical or tape media in the event information may need to be restored after a disaster or unintended errors.

Statement
The following controls for backup and restore must be in place:
  • Processes must be documented and implemented to backup and restore data in the event the primary facility is unavailable (due to disaster), system/data is unavailable, deleted or changed due to unauthorized access or error.
  • The data restore process must also be tested periodically and at least annually.
  • Tape backups and archives of sensitive information must also be encrypted in accordance with Data Classification and Encryption policies.
  • Access to data backups must be restricted to authorized roles (e.g. tape operator).
  • Media backups must  be stored in a secure location, preferably off-site facility, such as backup site or a commercial facility.
  • Physical transport of sensitive backup information to an offsite location must be secured using an approved transportation process (e.g. armored vehicle with guards).

Justification
The following benefits will be achieved:
  • Ensure availability of critical systems, applications and data
  • Reduce the likelihood of unauthorized access to sensitive information
  • Reduce the likelihood of sensitive information stored on media being lost or stolen

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Information Backup and Restoration