Professional Documents
Culture Documents
Data Backup Policy
Data Backup Policy
A. SUBJECT
The objective of the data backup policy is establish a set of rules for the data backup,
storage and restoration of electronic information.
B. RELEVANCE
This policy is designed to protect the information of the organization and assure that the
information is protected against any loss due disaster, intentional destruction or equipment
failures and can be recovering successfully.
This policy is applied to all personnel, equipments and information that the company
belongs and manages.
This policy is going to be executed on the datacenter in the company main office in Lima
Peru, through Backup Exec Software from Norton System.
The frequency and extension of the backup should be in accordance with the importance of
the information and the acceptable risk as be determined by the owner of the data, the
backup will be doing as GFS sequence (Grandfather/Father/Son) which consist in do a full
backup each weekend and differential o incremental backup per day of the week as follows:
C. RESPONSABILITIES
The helpdesk staff starts the process of the backup at the end of each day of work, as well
they send the tape to the external custody staff.
The Network Administrator, guarantees that the connection should be optimal in order this
process could be executed and there’s no issue in this process. If any problem arises, he is
the responsible to fix it.
The System Administrator, sign up the exit / entrance of each tape and supervises that this
process is been executed as parameters described in this policy and procedures.
The IT Manager needs to be ensuring that the policies established by company are
fulfilment and approve the requests for restore data.
D. FULFIMENT
1) Process Review. The backup process and recovery for each system must be
documented and revised periodically by a committee of revision composed by System
Administrator, Network Administrator and IT Manager.
2) Tape Backup Storage. When the backup is retired from tape is being storage on a
secure way on a close space by lock with fire proof different from datacenter inside the
building whom just only IT Personnel can have access.
Each Saturday, the tape backup are taken outside the building and be stored in a
secure place with a close space by lock with fire proof, far away from the building
through a service contracted for this purpose.
At the same time, the previous tapes (2 weeks old) should be delivering to IT from
external custody staff in order to reuse the tapes. A backup key/ combination of the
building secure site are being stored on the external place outside (in external custody
place).
In every moment should have:
a) Two or more (depending of the tape backup rotation) FULL backup tapes (at least 4
day old) inside de secure place inside the building.
b) Two or more (depending of the tape backup rotation) FULL backup tapes (at least
15 day old or more) outside secure place inside the building.
3) Execution of Backup. The backup should be executed following the GFS sequence
describe lines above on the time indicated. Additionally the execution should guaranties
that the information backup is ciphered.
6) Tape Backup Labeling. Tape backups and other media related like CD’s magnetic
media, external discs, should be follow as minimal the following identification criteria in
order that can be easily identified by codebar system or tag system.
8) Lifecycle of the Backup Tapes. The date of putting into service of each the tape
should be recorded onto the tape. The daily backups that have more than 6 months of
use should be discarded and replaced by new ones. For the tapes out of this criteria
should be replaced under System Admin judgment.
9) Scope of Files and System for Backup. The systems to be backup includes but aren’t
limited to:
a) File Server
b) Email Server
c) Web Server
d) Database Server
e) Domain Controller Server
f) Test Server for Databases
g) Test Server for Web
10) Backup Verification. At the moment of executing backup, all the works should been
verified automatically in order to ensure the successful copy of themselves. Within six
months it should be execute a restoration test in order to verify the integrity and
availability of the information.
11) Backup Audit. IT should keep records that demonstrate the reviewing of the events
and test of restoration in order to demonstrate the fulfillment of the current policies for
audit purposes. Aleatory tests should be conducted each 3 months in order to verify
that backup has been performed successfully.
12) Handling Backup Failures. In case that a backup copy have a failure, the responsible
of control of backup have to do this immediately:
13) Backup Restorations. On normal conditions, backup restorations are given under :
a) Accidental Erased
b) Data Corruption
c) Restoring Historical Data
d) Data for Test Server
The users that request a file restoration needs to present a form or put a request in
Service Centre Help desk. The user should include information about date of creation of
the archive, file name, last update and/or time and date of the deletion.
HelpDesk needs to keep a record of these requests of restoration for management &
audit purposes and needs to be approved by IT Manager.
On a major system failure event, all data stored should be back online in next 3 days
after the equipment has been replaced and put in operative conditions.
If the event isn’t be a major failure but has a huge impact inside the organization, the
data stored should been put online the next day of the equipment has been replaced
and put in operative conditions.
14) Penalities. A violation of this policy could result in a disciplinary action that could be
reach to retire the employee responsible, resolute contracts with third parties and other
that the company consider necessary.
E. ADDITIONAL INFORMATION
1) Definitions
a) Backup, is the process of store data on a magnetic media or other massive media
with the purpose of avoid data loss in case of disaster due equipment fail or
destruction.
b) Backup Policy, an organization’s procedures and rules for ensuring that adequate
amounts and types of backups are made, including suitably frequent testing of the
process for restoring the original production system from the backup copies.
c) Backup Images, this file is the result of a backup process that stored onto the
backup tape.
d) Tape Backup Unit, this unit is that records the information into the tapes for
storage purposes.
e) Tape Backup, is the magnetic media used in the process of save backup images.
f) Daily Backup, incremental backup of files that have changed today
g) Incremental Backup, An incremental style repository aims to make it more feasible
to store backups from more points in time by organizing the data into increments of
change between points in time. This eliminates the need to store duplicate copies
of unchanged data, as would be the case with a portion of the data of subsequent
full backups. Typically, a full backup (of all files) is made which serves as the
reference point for and incremental backup set. After that, any number of
incremental backups is made. Restoring the whole system to a certain point in time
would require locating the last full backup taken previous to the data loss plus each
and all of the incremental backups that cover the period of time between the full
backup and the point in time to which the system is supposed to be restored.
Additionally, some backup systems can reorganize the repository to synthesize full
backups from a series of incremental.
h) Differential Backup, a cumulative backup of all changes made since the last full
backup. The advantage to this is the quicker recovery time, requiring only a full
backup and the latest differential backup to restore the system. The disadvantage is
that for each day elapsed since the last full backup; more data needs to be backed
up, especially if a majority of the data has been changed.
i) Full Backup, a backup of all (selected) files on the system. In contrast to a drive
image, this does not included the file allocation tables, partition structure and boot
sectors.
j) File, Archive, is a group of structured data that is stored on any media and can be
used by software apps.
k) Restore Backup, is the process of reestablish data stored on magnetic media o
tapes to their original locations and can be access and used again.
l) Cipher, Encryption or coding, Process through the data can’t be read unless you
have a key/ password that allows the reverse process.
m) External Custody, external party that offers the service of custody for physical
information (tape backup) according on a SLA.
2) Contact Information
a) External Custody
Iron Mountain.
Management, Store and Custody of Information.
Address:
Phone:
Contact:
Email:
Website:
c) IT Staff
Ausenco PERU – IT Dept.
Takes care of the daily operations of backup / recovery and delivery / reception with
external custody.
Backup Procedure
1) Purpose
The purpose of this document is outline in detail the process of backup, backup system used
and media that participants in backup process as well the people that intervenes in this
process.
2) Location
The backup process should been executed inside Ausenco Datacenter at Esquilache Building,
from here also the External Custody Companies should deliver / receive any tape backup.
Local
Source Servers Drive Local Path Subfolder
\\LIMFILE01 D: \Ausenco
\CORP
\E&S
\HSEC
\MINERALS
\PROCESS
INSFRASTRUCTURE
\PROJ
\PROJ-INACTIVE
\SHARED
\USERS
\\LIMFILE01 D: \AusencoPSI \
\AS
\JOB1
\Ausenco
\\LIMFILE01 D: Vector \
\\LIMFILE01 D: \TEMP_SG \
External
Harddisk Library \
\\STORAGE01 E: \
ACCOUNTING
AS
AUSMIN
BS
CONTROL DOC
COST & PLANNING
IT
PERUMS
PROGRAMAPMIA
SCANNER
SECRETARIA
TEMP
TRANSLATION
PARA CONFIRMAR
\\STORAGE01 F: \
ADMIN
CAD
GERENCIA
PROJECTS
PSIPERU E: \DATA
AD
BD
COMMON
GER ADM Y FIN
GERENCIA
ITRESOURCES
JOBS
LIBRARY
PR
PROCUREMENT
QUALITY PROCEDURES
STDS
\\PJPDMS01 C: \
\\PJPDMS02 D: \