GROUP INFORMATION TECHNOLOGY DEPARTMENT

 

 

Backup Policy

 

 

 

 

 

 

 

 

 

Policy Reference [GITD_IT26]
[Final Version 1.0 | Released Date: June 12, 2018]

Table of Contents

 

DOCUMENT VERSION & CHANGE CONTROL. 5

1.0       Backup Server Policy. 6

2.0       Purpose. 6

3.0       Overview.. 6

4.0       Major Policy Elements. 6

5.0       Scope. 7

6.0       Personnel with Responsibility. 7

7.0       Terms and Definitions. 7

8.0       Actions and Methods. 8

8.1 Process and Procedure. 8

9.0 What is Backed Up?. 10

9.1 Managing Restores. 10

9.2 Enforcement. 10

9.3 Revision. 11

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

THIS PAGE IS INTENTIONALLY LEFT BLANK

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DOCUMENT VERSION & CHANGE CONTROL

 

Version History

Issue Date	Version	Description	Prepared By	Approved By
June 12,2018	1.0	Backup  Policy	Mrs. Sudha Jacob ITIL Administrator	Mr. Winston Ellison Group CIO

 

Change History

Issue Date	Version	Description	Prepared By	Approved By

 

 

 

 

 

 

 

1.0        Backup Server Policy

A very well documented process of Information Backup and Restore is strictly maintained and followed regularly.

2.0        Purpose

The unavailability of systems (and data) following an interruption to normal processing can impact on business operations and efficiency. Corruption / loss of some data following an interruption to normal processing can disrupt operations and delay business processing.

The purpose of Group IT Backup Policy is to establish the rules for the backup and storage of electronic information securely

3.0        Overview

Electronic backups are a business requirement to enable the recovery of data and applications in the case of events such as, system disk drive failures, data entry errors, system operations errors and natural disasters.

4.0        Major Policy Elements

• All systems and applications backup and recovery process is well documented, tested and periodically reviewed. Backups are carried out at regular intervals. Backup items may include Data files, databases, system state, emails and documentations.
• All critical data on servers are backed up and stored.
• Backup Media is always stored, transported, disposed off and handled securely. Appropriate operating procedures are established to protect documents, computer media (tapes, disks and cassettes), input/output data and system documentation from damage, theft and unauthorized access.
• Backups undergo periodic “spot-checks” to ensure the integrity of the data. A process is implemented to verify the success of the electronic information backup.
• Backups are periodically tested to ensure that they are recoverable.
• Procedures of backing up and handling media are reviewed at least annually.
• Restoration procedures are regularly checked and tested to ensure that they are effective and that they are completed within the time allotted in the operational procedures for recovery.
• Backup tapes have a minimum of the following identifying criteria that are readily identified by labels:

1.    System name

2.    Creation Date

• Procedures are developed and implemented for maintaining inventory and tracking the location of backup media.
• Security of media in transit is protected by ensuring that:

1.    Protective packaging is utilized to protect the contents from physical damage.

2.    Sensitive information is protected by special controls such as locked containers, hand delivery, tamper evident packaging.

·        Destruction, overwriting or reformatting of media are approved by Group IT management

 

5.0    Scope

The scope of the backup policy applies to all individuals within Babtain that are responsible for the installation and support of Information Resources and Application owners.

6.0    Personnel with Responsibility

Mr. Burhanuddin Ali                          Sr. System Administrator

Mr. Rajeev Kolliyot                              Sr. System Administrator

Mr. Winston Ellison                             Group CIO

7.0    Terms and Definitions

Application Managers:

Team Leaders or Managers who are managing IT application

Spot-checks:

Planned/unplanned random checking of the tapes or replication to check the data integrity in tapes/replication

 

Integrity copies:

The copy which is exact replica of the original (data on a media for this policy)

Security controls:

Any sort of mechanism to prevent unauthorized activity

8.0    Actions and Methods

8.1 Process and Procedure

a)    One set of the data backups for all critical data are maintained to ensure that a valid, virus-free backup exists and is available for use in time.

b)    Back-up requests for applications are approved by the IT Manager. Backup request is sent through IT service desk. The requests logs are maintained separately.

c)    Data backup is required for all production systems including Servers and distributed servers and databases.

d)    Backup data is verified periodically for data consistency.

 

Work Instructions:

a)    All Back management passwords and user IDs are kept with Backup Administrator and copy of it with systems manager.

b)    Backup Manager Server is connected to the Tape Library backup production database through Backup agents deployed on different application/database Servers.

c)    Backup admin takes care of the execution time for the respected backup jobs and approximate time taken for this job to get done.

d)    The backup software generates a log of activity which will be available on the Backup Manager Server datacenter. The backup log will have the following details

·         Start and end times and dates of the backup job

·         General information about the backup job and any errors/warning encountered.

 

Media Inventory Procedure:

a)    All the media’s are labeled following media labeling procedure

b)    Media are kept in separate physical storage place once its reaches the maximum storage capacity.

c)    The inventory of media storage is maintained and the information is kept up to date.

 

Verification for Backup / Restore Data:

Data Backup / Restore verification process is developed to check the data consistency and availability from the backup media.

a)    The process is initiated from the application / data owners to backup administrators

b)    Backup administrator has to restore the valid data from the backup media to the test / development environment.

c)    This data has to be validated by the application / data owners from their own applicable methods.

d)    After completion of the testing the log is maintained.

 

If magnetic media is to be released from the control and custody of the organization, then the following is carried out to ensure that no data remains:

• All markings on the media are removed or defaced so that they cannot be read.
• Check is made after the media has been overwritten to see if it can be read.
• Disks are destroyed.
• Proms cannot be cleared, and therefore never released.
• Used magnetic tapes, microfilm, microfiche and printer ribbons are cut into short lengths and burned.
• Unwanted firmware is destroyed by incineration after being hammered.

 

Backup

Adequate back-up facilities are provided to ensure that all essential business data and software are recovered in the event of media failure or a computer disaster:

• All documents, computer or otherwise, are locked away in appropriately secure containers whenever the workplace is left unattended. At the end of the working day all working surfaces are cleared.
• Backup copies of company data are made accurately, regularly and religiously.
• Back-up arrangements for individual systems meet the requirements of the contingency plans.
• Back-up equipment and data is tested regularly to ensure that it can be relied upon in the event of an emergency.

9.0 What is Backed Up?

This policy refers to the backing up of data that resides on  servers.

This policy does not refer to backing up of data that resides on individual PC or notebook hard drives. Responsibility for backing up data on local desktop systems or laptops rests solely with the individual user. It is strongly encouraged that end users save their data to the shared folders that are backed up regularly.

It is the responsibility of server administrators to ensure that all new servers follow this  policy, and that this policy be applied to each new server’s maintenance routine..

9.1 Managing Restores

The ultimate goal of any backup process is to ensure that a restorable copy of data exists. If the data cannot be restored, then the process is useless. As a result, it’s essential to regularly test one’s ability to restore data from its storage media.

1.    Daily tapes must be tested at least once every 6 months to ensure that the data they contain can be completely restored.

2.    Monthly tapes must be tested at least once every years to ensure that the data they contain can be completely restored.

Data will be restored from a backup if:

·         There is an intrusion or attack.

·         Files have been corrupted, deleted, or modified.

·         Information must be accessed that is located on an archived backup.

·         Appropriate approval from business unit head and Group CIO is obtained.

9.2 Enforcement

This policy is approved by the Group CIO (Chief Information Officer). Request for clarifications on this policy can be sent to the Group CIO on (winston.ellison@babtain.com.kw)

 

Violations to this policy are formally intimated by Group CIO to HR department for subsequent disciplinary action.

Auditing periodically for compliance with the policy is the responsibility of all Managers.

9.3 Revision

This policy document is reviewed by Group IT once in a year; updated with modifications and updates are carried out if required and the policy is then approved.

 

 

 

 

 

 

END OF DOCUMENT