This policy is not a substitute for legal advice. If you have
legal questions related to this policy, see your lawyer.
The information contained herein has been obtained from
sources believe to be reliable. CBS Interactive Inc. disclaims all
warranties as to the accuracy, completeness, or adequacy of
such information. CBS Interactive Inc. shall have no liability for
errors, omissions, or inadequacies in the information contained
herein or for the interpretations thereof. The reader assumes sole
responsibility for the selection of these materials to achieve its
intended results. The opinions expressed herein are subject to
change without notice.
1630 Lyndon Farm Court
Louisville, KY 40223
Online Customer Support:
Editor In Chief
Head Technology Editor
Head Blogs Editor
Data Backup Policy
To protect against data loss and enable business continuity in the event of a disaster, the organization must regularly
make backup copies of its electronic files, email, documents, spreadsheets, databases, CRM, financial, sales and
other systems, and application and server information. Staff members must understand exactly what information is
backed up, how many copies of the backups are kept, and how long each data backup is retained. Further, IT staff
members must decide who is responsible for administering, maintaining, monitoring, and testing backups.
To define what organization data and information is backed up, when backup operations are to run, how many backup
sets are kept, how long backup sets are retained, where backup sets will be physically stored, who is responsible for
rotating backup sets, who is responsible for testing backups, and how often backup tests will be conducted.
All users and IT department staff members are affected by this policy.
The Data Backup Policy’s purpose is to assist the organization and its staff members in understanding what
information is backed up, how backups are administered and maintained, and who is responsible for managing and
performing backup tasks. The policy strives to help the staff understand that data backups do not necessarily create
data archive sets. Only by ensuring that each staff member is aware that the critical data with which he or she works
is being backed up, and only by confirming that IT staff members are indeed backing up that data and maintaining
and testing those backup sets, can the organization properly protect against data loss and enable business
continuity in the event of a catastrophic event.
Data Backup Selections
Due to the number of systems, applications, servers, and sites that the IT department must manage, it is possible
that data associated with programs or software installed by end users may not be backed up. In other cases, the
organization’s IT staff may not be aware that users are storing data in specific locations or on specific systems.
To ensure that there are no misunderstandings and to prevent important data from being lost due to a disk failure,
system corruption, user error, or other event, use the Data Backup Checklist at the end of this document. The form
provides a simple method for submitting data backup requests to the technology partner responsible for managing
the organization’s data backups.
The organization’s data backup operations run after hours to ensure that server and network performance are not
compromised during typical business hours. Based on the organization’s unique requirements, the following backup
schedule is used:
Windows NT Backup Full backups
Saturdays 12 PM
Windows NT Backup Incremental backups
Daily 9 PM
Note: Chart examples appear as italicized text; these values should be removed prior to policy implementation.
Data Backup Retention
The organization’s backup routines are designed to protect against data loss due to failed hard disks, system
corruption, user error, and other failures and to provide business continuity in the event of a catastrophic event. Data
backups are not meant to provide ready access to archived versions of old files. Users requiring archive creation of
documents, files, and other information should request an archiving or document versioning solution from the IT team.
The organization retains backups according to the following schedule:
Data Backup Physical Storage
IT representatives are responsible for managing the organization’s backup routines. Data backups are regularly
rotated to secure offsite locations. The following table specifies where data backup sets are stored:
External disk sits on rackmount
External disk stored in
server in Server Room 1A
HP internal tape
Telegraph Road Firesafe
Data Backup Monitoring
The IT team is responsible for monitoring backup operations each non-holiday business day. Critical systems, as
determined by senior executives, must be monitored 24x7x365.
In the event of a backup job failure, the IT team must create a trouble ticket. The trouble ticket must specify which
server’s backup job failed and list applicable error codes. As IT staff members troubleshoot and resolve the backup
error, all pertinent details should be added to the trouble ticket for tracking purposes.
Any trouble ticket tracking a backup routine that fails three days in a row must be escalated to a director’s attention.
Trouble tickets tracking backup failures may be closed only after a full backup completes on the respective system.
Data Backup Testing
The IT team is responsible for testing data backups quarterly. To successfully complete testing, a traditional backup
set must recover to a second system all data the backup media is scheduled to protect. For image backups to
pass testing, the image backup must successfully boot a second system to a proper operating environment that
replicates the operations and data of the original system.
Data Backup Change Reporting
Organizations, departments, and users frequently upgrade, change, and alter critical applications, programs, and
software. As a result, original data locations and storage space allocations can change, sometimes dramatically.
Whenever system changes, software upgrades, application migrations, and/or updates are implemented, users must
complete a new Data Backup Checklist and forward the form to the IT team for processing.
Acknowledgment of Data Backup Policy
This form is used to acknowledge receipt of and compliance with the company’s Data Backup Policy.
Complete the following steps:
1. Read the Data Backup Policy.
2. Sign and date this form in the spaces provided below.
3. Return this page only to the IT department manager.
By signing below, I agree to the following terms:
(i) I have received and read a copy of the Data Backup Policy and understand and agree to the same.
(ii) I understand and agree that I will report changes affecting data backup routines in accordance with the Data
Backup Change Reporting section of this policy.
(iii) I understand and agree that I am not to disclose, share, distribute, or otherwise provide data backup sets to
any other individual.
(iv) I understand and agree to properly secure and maintain data backup sets that are entrusted to me or my
department for safekeeping.
(v) I understand that violations of the Data Backup Policy could result in termination of employment and legal
action, including civil and criminal prosecution, should I fail to maintain compliance with and/or intentionally
violate the policy’s provisions.
Disclaimer: This policy is not a substitute for legal advice. If you have legal questions related to this policy, see your
Data Backup Checklist
Use this checklist to ensure that the technology partner managing the organization’s data backups continues to
back up files, folders, data, and other information as part of a regularly monitored and tested routine. Once the user
enters his or her selections, the form should be provided to the technology partner for processing.
Backup Requestor Information
Backup Selection Requests
Server where data resides
Share where data resides
Social media data
User share: ______