Disclaimer
This policy is not a substitute for legal advice. If you have
legal questions related to this policy, see your lawyer.
The information contained herein has been obtained from
sources believed to be reliable. CBS Interactive Inc. disclaims all
warranties as to the accuracy, completeness, or adequacy of
such information. CBS Interactive Inc. shall have no liability for
errors, omissions, or inadequacies in the information contained
herein or for the interpretations thereof. The reader assumes sole
responsibility for the selection of these materials to achieve its
intended results. The opinions expressed herein are subject to
change without notice.
TechRepublic
1630 Lyndon Farm Court
Suite 200
Louisville, KY 40223
Online Customer Support:
http://techrepublic.custhelp.com/
Editor In Chief: Jason Hiner
Head Technology Editor: Bill Detwiler
Head Blogs Editor: Toni Bowers
Senior Editors: Mark Kaelin, Jody Gilbert, Selena Frye, Mary Weilage, Sonja Thompson
Graphic Designer: Kimberly Smith
Data Backup Policy
Summary
To protect against data loss and enable business continuity in the event of a disaster, the organization must regularly
make backup copies of its electronic files, email, documents, spreadsheets, databases, CRM, financial, sales and
other systems, and application and server information. Staff members must understand exactly what information is
backed up, how many copies of the backups are kept, and how long each data backup is retained. Further, IT staff
members must decide who is responsible for administering, maintaining, monitoring, and testing backups.
Objective
To define what organization data and information is backed up, when backup operations are to run, how many backup
sets are kept, how long backup sets are retained, where backup sets will be physically stored, who is responsible for
rotating backup sets, who is responsible for testing backups, and how often backup tests will be conducted.
Audience
All users and IT department staff members are affected by this policy.
Policy Purpose
The Data Backup Policy’s purpose is to assist the organization and its staff members in understanding what
information is backed up, how backups are administered and maintained, and who is responsible for managing and
performing backup tasks. The policy strives to help the staff understand that data backups do not necessarily create
data archive sets. Only by ensuring that each staff member is aware that the critical data with which he or she works
is being backed up, and only by confirming that IT staff members are indeed backing up that data and maintaining
and testing those backup sets, can the organization properly protect against data loss and enable business
continuity in the event of a catastrophic event.
Data Backup Selections
Due to the number of systems, applications, servers, and sites that the IT department must manage, it is possible
that data associated with programs or software installed by end users may not be backed up. In other cases, the
organization’s IT staff may not be aware that users are storing data in specific locations or on specific systems.
To ensure that there are no misunderstandings and to prevent important data from being lost due to a disk failure,
system corruption, user error, or other event, use the Data Backup Checklist at the end of this document. The form
provides a simple method for submitting data backup requests to the technology partner responsible for managing
the organization’s data backups.
Backup Scheduling
The organization’s data backup operations run after hours to ensure that server and network performance are not
compromised during typical business hours. Based on the organization’s unique requirements, the following backup
schedule is used:
Site  Server name  Backup method      Backup type          Schedule
HQ    DC1          Windows NT Backup  Full backups         Saturdays 12 PM
HQ    DC1          Windows NT Backup  Incremental backups  Daily 9 PM
Note: Chart examples appear as italicized text; these values should be removed prior to policy implementation.
Data Backup Retention
The organization’s backup routines are designed to protect against data loss due to failed hard disks, system
corruption, user error, and other failures and to provide business continuity in the event of a catastrophic event. Data
backups are not meant to provide ready access to archived versions of old files. Users requiring archive creation of
documents, files, and other information should request an archiving or document versioning solution from the IT team.
The organization retains backups according to the following schedule:
Site  Server  Backup retention
HQ    DC1     One Month
Data Backup Physical Storage
IT representatives are responsible for managing the organization’s backup routines. Data backups are regularly
rotated to secure offsite locations. The following table specifies where data backup sets are stored:
Site            Server  Active backup                                             Secondary backup
HQ              DC1     External disk sits on rackmount server in Server Room 1A  External disk stored in basement vault
Telegraph Road  FS01    HP internal tape                                          Telegraph Road Firesafe
Data Backup Monitoring
The IT team is responsible for monitoring backup operations each non-holiday business day. Critical systems, as
determined by senior executives, must be monitored 24x7x365.
In the event of a backup job failure, the IT team must create a trouble ticket. The trouble ticket must specify which
server’s backup job failed and list applicable error codes. As IT staff members troubleshoot and resolve the backup
error, all pertinent details should be added to the trouble ticket for tracking purposes.
Any trouble ticket tracking a backup routine that fails three days in a row must be escalated to a director’s attention.
Trouble tickets tracking backup failures may be closed only after a full backup completes on the respective system.
Data Backup Testing
The IT team is responsible for testing data backups quarterly. To successfully complete testing, a traditional backup
set must recover to a second system all data the backup media is scheduled to protect. For image backups to
pass testing, the image backup must successfully boot a second system to a proper operating environment that
replicates the operations and data of the original system.
Data Backup Change Reporting
Organizations, departments, and users frequently upgrade, change, and alter critical applications, programs, and
software. As a result, original data locations and storage space allocations can change, sometimes dramatically.
Whenever system changes, software upgrades, application migrations, and/or updates are implemented, users must
complete a new Data Backup Checklist and forward the form to the IT team for processing.
Acknowledgment of Data Backup Policy
This form is used to acknowledge receipt of and compliance with the company’s Data Backup Policy.
Procedure
Complete the following steps:
1. Read the Data Backup Policy.
2. Sign and date this form in the spaces provided below.
3. Return this page only to the IT department manager.
Signature
By signing below, I agree to the following terms:
(i) I have received and read a copy of the Data Backup Policy and understand and agree to the same.
(ii) I understand and agree that I will report changes affecting data backup routines in accordance with the Data
Backup Change Reporting section of this policy.
(iii) I understand and agree that I am not to disclose, share, distribute, or otherwise provide data backup sets to
any other individual.
(iv) I understand and agree to properly secure and maintain data backup sets that are entrusted to me or my
department for safekeeping.
(v) I understand that violations of the Data Backup Policy could result in termination of employment and legal
action, including civil and criminal prosecution, should I fail to maintain compliance with and/or intentionally
violate the policy’s provisions.
Employee Signature
Employee Title
Employee Name
Date
Department/Location
Data Backup Checklist
Use this checklist to ensure that the technology partner managing the organization’s data backups continues to
back up files, folders, data, and other information as part of a regularly monitored and tested routine. Once the user
enters his or her selections, the form should be provided to the technology partner for processing.
Backup Requestor Information
Name:
Department:
Date:
Backup Selection Requests
x  Description            Server where data resides  Share where data resides  Anticipated size
x  Financial data         //DC1                      //DC1/Data/Financial      2.0 GB
   CRM data
   Client information
   Sales data
   Application database
   Proprietary database
   Medical data/info
   Licensing information
   Images
   Photographs
   Audio files
   Videos
   Web content
   Social media data
   Marketing material
   Email database
   ERP data
   Accounting data
   Construction files
   Legal files
   User share: ______
   Other: ___________
   Other: ___________
   Other: ___________