Data Backup Policy

A. SUBJECT

The objective of the data backup policy is establish a set of rules for the data backup,
storage and restoration of electronic information.

B. RELEVANCE

This policy is designed to protect the information of the organization and assure that the
information is protected against any loss due disaster, intentional destruction or equipment
failures and can be recovering successfully.

This policy is applied to all personnel, equipments and information that the company
belongs and manages.

This policy is going to be executed on the datacenter in the company main office in Lima
Peru, through Backup Exec Software from Norton System.

The frequency and extension of the backup should be in accordance with the importance of
the information and the acceptable risk as be determined by the owner of the data, the
backup will be doing as GFS sequence (Grandfather/Father/Son) which consist in do a full
backup each weekend and differential o incremental backup per day of the week as follows:

Monday Tuesday Wednesday Thursday Friday

Week 1 DATA - Diferential: DATA - Diferential: DATA - Diferential: DATA - Diferential: FULL
8:30pm 8:30pm 8:30pm 8:30pm DATA/DATABASE:
Media - lacie 2 Media - lacie 2 Media - lacie 2 Media - lacie 2 2:00PM
Media - Lacie 2

Monday Tuesday Wednesday Thursday Friday

Week 2 DATA - Diferential: DATA - Diferential: DATA - Diferential: DATA - Diferential: DATA - Diferential:
8:30pm 8:30pm 8:30pm 8:30pm 8:30pm
Media - lacie 2 Media - lacie 2 Media - lacie 2 Media - lacie 2 Media - lacie 2

Monday Tuesday Wednesday Thursday Friday

Week 3 DATA - Diferential: DATA - Diferential: DATA - Diferential: DATA - Diferential: FULL
8:30pm 8:30pm 8:30pm 8:30pm DATA/DATABASE:
Media - lacie 2 Media - lacie 2 Media - lacie 2 Media - lacie 2 2:00PM
Media - Lacie 2
 Monday Tuesday Wednesday Thursday Friday
Week 4 DATA - Diferential: DATA - Diferential: DATA - Diferential: DATA - Diferential: DATA - Diferential:
8:30pm 8:30pm 8:30pm 8:30pm 8:30pm
Media - lacie 2 Media - lacie 2 Media - lacie 2 Media - lacie 2 Media - lacie 2

C. RESPONSABILITIES

The helpdesk staff starts the process of the backup at the end of each day of work, as well
they send the tape to the external custody staff.

The Network Administrator, guarantees that the connection should be optimal in order this
process could be executed and there’s no issue in this process. If any problem arises, he is
the responsible to fix it.

The System Administrator, sign up the exit / entrance of each tape and supervises that this
process is been executed as parameters described in this policy and procedures.

The IT Manager needs to be ensuring that the policies established by company are
fulfilment and approve the requests for restore data.

D. FULFIMENT

1) Process Review. The backup process and recovery for each system must be
documented and revised periodically by a committee of revision composed by System
Administrator, Network Administrator and IT Manager.

2) Tape Backup Storage. When the backup is retired from tape is being storage on a
secure way on a close space by lock with fire proof different from datacenter inside the
building whom just only IT Personnel can have access.

Each Saturday, the tape backup are taken outside the building and be stored in a
secure place with a close space by lock with fire proof, far away from the building
through a service contracted for this purpose.

At the same time, the previous tapes (2 weeks old) should be delivering to IT from
external custody staff in order to reuse the tapes. A backup key/ combination of the
building secure site are being stored on the external place outside (in external custody
place).
 In every moment should have:

a) Two or more (depending of the tape backup rotation) FULL backup tapes (at least 4
day old) inside de secure place inside the building.
b) Two or more (depending of the tape backup rotation) FULL backup tapes (at least
15 day old or more) outside secure place inside the building.

3) Execution of Backup. The backup should be executed following the GFS sequence
describe lines above on the time indicated. Additionally the execution should guaranties
that the information backup is ciphered.

4) Encryption of Backup. All data backup should be encrypted. Only an IT System

Admin and IT Manager should have the tools / keys / passwords to authorize data
restoration. Additionally a copy of this should be in hands of a General Manager or an
Information Officer for custody.

5) Registry of Backup Fulfillment. A register of the daily backups (Annex 2) is issue in

order to maintain a record of the backup execution, their condition, which tape backup
is in use and their cleaning. These records should be stored and updated on the
datacenter and each time that a tape is delivered to external custody staff a copy is
sent to IT Manager Office.

6) Tape Backup Labeling. Tape backups and other media related like CD’s magnetic
media, external discs, should be follow as minimal the following identification criteria in
order that can be easily identified by codebar system or tag system.

a) Date of putting into service of the tape.

b) Name of the System / Folder Backup
c) Date of backup creation
d) Sensibility Classification of the backup (Based in the regulation of retention of
electronic registries )
e) Name of the external data custody company.
f) Information of Ausenco’s internal contact

7) Physical Maintenance of the Backup System. The regular maintenance of the

backup system is carried out to ensure that the systems and components are in good
conditions to work. The cleaning tape backups should been cleaned each month o with
more frequency if the tape backup unit is expose to daylight bright.

8) Lifecycle of the Backup Tapes. The date of putting into service of each the tape
should be recorded onto the tape. The daily backups that have more than 6 months of
use should be discarded and replaced by new ones. For the tapes out of this criteria
should be replaced under System Admin judgment.

Before tape backup retirement, IT should ensure that:

a) The media doesn’t contents any active backup records.

b) The content of the media couldn’t be read o recovered by third parties.
 Finally, the tape backup should be destroyed physically.

9) Scope of Files and System for Backup. The systems to be backup includes but aren’t
limited to:

a) File Server
b) Email Server
c) Web Server
d) Database Server
e) Domain Controller Server
f) Test Server for Databases
g) Test Server for Web

10) Backup Verification. At the moment of executing backup, all the works should been
verified automatically in order to ensure the successful copy of themselves. Within six
months it should be execute a restoration test in order to verify the integrity and
availability of the information.

11) Backup Audit. IT should keep records that demonstrate the reviewing of the events
and test of restoration in order to demonstrate the fulfillment of the current policies for
audit purposes. Aleatory tests should be conducted each 3 months in order to verify
that backup has been performed successfully.

12) Handling Backup Failures. In case that a backup copy have a failure, the responsible
of control of backup have to do this immediately:

a) Write/Copy any message or information on monitor screen.

b) Put in contact with the tape backup provider or tape backup unit in order to let them
know about the error.
c) Report the error to the IT Manager.
d) Register the failure on the event backup record and any action taken as a result of
it.
e) Clean the tape backup with the recommended by manufacturer cleaning tool.
f) Check tape backup age. Destroy the tape and replace if it is near to the end of
service date.

13) Backup Restorations. On normal conditions, backup restorations are given under :

a) Accidental Erased
b) Data Corruption
c) Restoring Historical Data
d) Data for Test Server

The users that request a file restoration needs to present a form or put a request in
Service Centre Help desk. The user should include information about date of creation of
the archive, file name, last update and/or time and date of the deletion.

HelpDesk needs to keep a record of these requests of restoration for management &
audit purposes and needs to be approved by IT Manager.
 On a major system failure event, all data stored should be back online in next 3 days
after the equipment has been replaced and put in operative conditions.

If the event isn’t be a major failure but has a huge impact inside the organization, the
data stored should been put online the next day of the equipment has been replaced
and put in operative conditions.

14) Penalities. A violation of this policy could result in a disciplinary action that could be
reach to retire the employee responsible, resolute contracts with third parties and other
that the company consider necessary.

E. ADDITIONAL INFORMATION

1) Definitions
a) Backup, is the process of store data on a magnetic media or other massive media
with the purpose of avoid data loss in case of disaster due equipment fail or
destruction.
b) Backup Policy, an organization’s procedures and rules for ensuring that adequate
amounts and types of backups are made, including suitably frequent testing of the
process for restoring the original production system from the backup copies.
c) Backup Images, this file is the result of a backup process that stored onto the
backup tape.
d) Tape Backup Unit, this unit is that records the information into the tapes for
storage purposes.
e) Tape Backup, is the magnetic media used in the process of save backup images.
f) Daily Backup, incremental backup of files that have changed today
g) Incremental Backup, An incremental style repository aims to make it more feasible
to store backups from more points in time by organizing the data into increments of
change between points in time. This eliminates the need to store duplicate copies
of unchanged data, as would be the case with a portion of the data of subsequent
full backups. Typically, a full backup (of all files) is made which serves as the
reference point for and incremental backup set. After that, any number of
incremental backups is made. Restoring the whole system to a certain point in time
would require locating the last full backup taken previous to the data loss plus each
and all of the incremental backups that cover the period of time between the full
backup and the point in time to which the system is supposed to be restored.
Additionally, some backup systems can reorganize the repository to synthesize full
backups from a series of incremental.
h) Differential Backup, a cumulative backup of all changes made since the last full
backup. The advantage to this is the quicker recovery time, requiring only a full
backup and the latest differential backup to restore the system. The disadvantage is
that for each day elapsed since the last full backup; more data needs to be backed
up, especially if a majority of the data has been changed.
i) Full Backup, a backup of all (selected) files on the system. In contrast to a drive
image, this does not included the file allocation tables, partition structure and boot
sectors.
j) File, Archive, is a group of structured data that is stored on any media and can be
used by software apps.
 k) Restore Backup, is the process of reestablish data stored on magnetic media o
tapes to their original locations and can be access and used again.
l) Cipher, Encryption or coding, Process through the data can’t be read unless you
have a key/ password that allows the reverse process.
m) External Custody, external party that offers the service of custody for physical
information (tape backup) according on a SLA.

2) Contact Information
a) External Custody
Iron Mountain.
Management, Store and Custody of Information.
Address:
Phone:
Contact:
Email:
Website:

b) Servers, Tape Backup Unit, TapeBackup

DELL Peru SAC
Equipments on Gold Enterprise Support, 24 hrs/ 7days including holydays.
Address:
Phone:
Contact:
Email:
Website:

c) IT Staff
Ausenco PERU – IT Dept.
Takes care of the daily operations of backup / recovery and delivery / reception with
external custody.

(1) Helpdesk, Andres Arellano // Ext 2056 – Cel: 9999-99999

(2) Service Centre, Stuart Graham // Ext 2056 – Cel: 9999-99999
(3) Networks & Servers, Aldo Sandoval// Ext 2056 – Cel: 9999-99999
(4) IT Manager, Omar Carrillo// Ext 2056 – Cel: 9999-99999

Address: Calle Esquilache 371, Piso 6.

Phone: 207-3850
Contact: Omar Carrillo
Email: omar.carrillo@ausenco.com
Website: www.ausenco.com

d) Electrical and Network cabling

ML Telecom SAC
Service of electrical/network cabling installation and repair.
Address:
Phone:
Contact:
Email:
Website:
ANNEX 1

Backup Procedure
1) Purpose
The purpose of this document is outline in detail the process of backup, backup system used
and media that participants in backup process as well the people that intervenes in this
process.

2) Location
The backup process should been executed inside Ausenco Datacenter at Esquilache Building,
from here also the External Custody Companies should deliver / receive any tape backup.

3) What is Stored and Backup

The following locations under Ausenco Peru network are identified as been covered by backup
process:

Local
Source Servers Drive Local Path Subfolder
\\LIMFILE01 D: \Ausenco
\CORP
\E&S
\HSEC
\MINERALS
\PROCESS
INSFRASTRUCTURE
\PROJ
\PROJ-INACTIVE
\SHARED
\USERS
\\LIMFILE01 D: \AusencoPSI \
\AS
\JOB1
\Ausenco
\\LIMFILE01 D: Vector \
\\LIMFILE01 D: \TEMP_SG \

External
Harddisk Library \

\\STORAGE01 E: \
ACCOUNTING
AS
AUSMIN
 BS
CONTROL DOC
COST & PLANNING
IT
PERUMS
PROGRAMAPMIA
SCANNER
SECRETARIA
TEMP
TRANSLATION
PARA CONFIRMAR
\\STORAGE01 F: \
ADMIN
CAD
GERENCIA
PROJECTS
PSIPERU E: \DATA
AD
BD
COMMON
GER ADM Y FIN
GERENCIA
ITRESOURCES
JOBS
LIBRARY
PR
PROCUREMENT
QUALITY PROCEDURES
STDS
\\PJPDMS01 C: \
\\PJPDMS02 D: \

An updated copy of this can be located on s:\corp\it\operations\backup as

Backup_Scope.xls

4) How much backup occupied

5) How the copies is been backup

6) Setup of the Backup System
a) Server
b) Network Agents
c) Tape Backup
d) Groups
 e) Pools
f) Schedules
7) How to do a backup
8) How to do a restoration
a) Previous notes
b) Restore a backup from Backup Exec
c) Restore a backup from NT Backup
9) Daily Work
a) How to swap tape backup
b) How to labeling tape backup
c) How to proceed if unfinished tape backup
d) How to restart with unfinished tape backup
e) Other general issues
f) Fullfiment of Backup daily record.
10) Known Issues
a) Backup server doesn’t starts
b) Backups aren’t finalized
Annex 2

Daily Record for Backups

We use the format IT-PE-234234.xls stored at s:\corp\it\operations\backup

The following fields should be fulfilled

1) Week Beginning Should be 42 w depending of the date of execution

2) Day Day name
3) Drive Cleanned Indicate if a drive cleaning was performed
4) Tape inserted by Who was responsible for insert the tape that day
5) Date On dd/mm/yy format
6) Tape # Information of the tape used.
7) Tape Removed by Who was responsible for remove the tape that day
8) Location of the tape Which building was located the tape
9) Backup Status(COMPLETED/FAILED) Indicates if the process was successful or not
10) Action taken where backup failed Which actions were taken if backup fails.