Professional Documents
Culture Documents
Standard Statement
The backup of important information is often the last line of defence in the
event of either accidental or malicious loss or modification of UNSW
information, applications and infrastructure configurations. The purpose of this
standard is to set out the baseline requirements for the backup of UNSW
information systems and data.
Purpose UNSW information must be backed up on a regular basis, protected from
unauthorised access or modification during storage, and available for recovery
in a timely manner. As backup media may contain sensitive information in
high-volumes, (i.e., UNSW financial transactions, Personal Identifiable
Information etc.) the backup media must be protected, during the entire
information lifecycle.
This standard applies to all UNSW Information Communication Technology
systems and end-user computing devices, including non-production systems
that contain information that would impact UNSW in the event data was lost.
Scope
This standard does not cover data availability using replication techniques,
such as database synchronisation between production and disaster recovery
facilities or data deduplication.
Standard
1. Controls ..................................................................................................................................... 1
1.1 Backup schedule considerations .................................................................................. 1
1.2 Verification of backup processes and investigating failures .........................................2
1.3 Validation of backup media and recovery processes ...................................................2
1.4 Protection of backups and backup media ..................................................................... 2
1.5 Retention and disposal of backups and backup media ................................................2
1.6 Backup media locations and off-site transportation of backup media ..........................2
2. Control Exceptions .................................................................................................................... 2
3. ISMS Mapping with Industry Standards ................................................................................... 3
4. Document Review, Approval & History ..................................................................................... 3
4.1 Quality Assurance ......................................................................................................... 3
4.2 Sign Off ......................................................................................................................... 3
1. Controls
1.1 Backup schedule considerations
1.1.1 Backups must be scheduled according to the availability requirements of the information that
is being backed up. A backup schedule must be documented and maintained for all UNSW
systems. Table 1 documents the minimum backup schedules for the identified UNSW data
types.
Backup Schedule
What How Often How
Infrastructure configuration According to Solution Design According to Solution Design Documentation
(network, server, appliance) Documentation
Software or or
(O/S, applications, utilities)
Full Magnetic tape
Data Incremental Hard disk
(files, databases) Differential Optical storage
Solid state storage
2. Control Exceptions
All exemption requests must be reviewed, assessed and approved by the relevant business stakeholder. Please
refer to the ISMS Base Document for more detail.
A review of this standard will be managed by the Chief Digital Officer on an annual basis.
Accountabilities
Supporting Information
Parent Document (Policy) IT Security Policy