WHAT COULD BE AN EFFECTIVE NETWORK DATA BACK-UP POLICY?
SANDE DAVID Reg.No:07/U/8577/ITD/GV Kyambogo University Kampala, Uganda
• A back-up refers to making copies of data so that these additional copies may be used to restore the original after a data lose event. These copies of the original file must be on another location/site usually offline. • Back-ups are used primarily for two purposes 1.To restore a computer to an operational state following a disaster (called disaster recovery). 2.To restore small numbers of files after they have been accidentally deleted or corrupted.
• Archive - The saving of old or unused files onto magnetic tape or other offline mass storage media for the purpose of releasing on-line storage room. • There are 4 types of back-ups I. Full + Differential back-up II.Full + incremental back-up III.Unstructured back-up IV.Mirror and reverse incremental back-up
• This back-up policy include all the staff of any organization and third parties who may be connected to the organization's IT resources. • All users are responsible for arranging adequate data backup procedures for the data held on IT systems assigned to them • The disaster recovery procedures in this policy apply to all Network Managers, System Administrators, and Application Administrators who are responsible for systems or for a collection of data held either remotely on a server or on the hard disk of a computer.
Responsibility for Data backup.
• Only critical systems are routinely backed up by Information Systems Services and the other relevant IT managers and Systems administrators in the current model. The responsibility for backing up data held on the workstations of individuals regardless of whether they are owned privately or by the organization falls entirely to the User.
• If you are responsible for a collection of data held either remotely on a server or on the hard disk of a computer, you should consult your departmental system administrator or Information Systems Services about local back-up procedures. If you do not use the facilities provided by Information Systems Services or those of your department you should put in place your own procedures.
Best Practice Backup Procedures
• All backups must conform to the following best practice procedures: 1. All data, operating systems and utility files must be adequately and systematically backed up (Ensure this includes all patches, fixes and updates. 2. Records of what is backed up and to where must be maintained.
3. Records of software licensing should be backed up. 4. At least three generations of back-up data must be retained at any one time. 5. Copies of the back-up media, together with the back-up record, should be stored safely in a remote location, at a sufficient distance away to escape any damage from a disaster at the main site.
6. Regular tests of restoring data/software from the backup copies should be undertaken, to ensure that they can be relied upon for use in an emergency. 7.The initial backup for each client (agency server) is a full backup.
8. Daily incremental backups are performed after the initial full backup. Only data files that have changed since the previous backup will be backed up. 9. The most recent backup version of a data file on the server is stored in an active state. 10.Older versions of data file backups will be stored in an inactive state on the server.
11.Archives of data files are performed once a month (dates can vary to avoid scheduling conflicts) on all servers and retained for a year. 12.If a file or directory is modified or open during the backup cycle, it is not backed up.
• Users when formulating a backup strategy should take the following legal implications into consideration: 1.Where data held is personal data within the meaning of the Data Protection Act, there is a legal requirement to ensure that such back-ups are adequate for the purpose of protecting that data.
Legal requirements cont’d
2. Depending on legal or other requirements, e.g. Financial Regulations, it may be necessary to retain essential business data for a number of years and for some archive copies to be permanently retained. 3. Depending on legal or other requirements, e.g. Data Protection Act, Software Licensing, it may be necessary to destroy all backup copies of data after a certain period or at the end of a contract.
• A disaster recovery plan can be defined as the on-going process of planning developing and implementing disaster recovery management procedures and processes to ensure the efficient and effective resumption of vital Organization’s functions in the event of an unscheduled interruption.
Best Practice Disaster Recovery Procedures
• All disaster recovery plans must contain the following key elements: • Critical Application Assessment • Backup Procedures • Recovery Procedures • Implementation Procedures • Test Procedures • Plan Maintenance
• An effective back-up policy usually concerns itself with both aspects of Disaster recovery as well as Data recovery as the two are inherently bound together. • The policy outlines the scope of the policy, the basic procedures, the legal requirements, and details of how the procedures are enforced in order to have a fully functional and effective back-up policy.
1. Surfed internet on 12/11/2009 at 2.30pm URL:http://oti.fsu.edu/oti_pdf/Information %20Technology%20Disaster%20Recovery%20and %20Data%20Backup%20Policy.pdf 2. Surfed internet on 12/11/2009 at 2.30pm URL:http://www.worcester.ac.uk/ils/documents/ILS_ backup_policy.pdf
3. Surfed internet on 12/11/2009 at 2.30pm URL: http://www.hawaii.edu/askus/501 4. Information Security Supporting Policy 19“008 Disaster Recovery and Data Backup Policy”, Trinity College Dublin. Author: IT Security Officer Last Revision Date: 29/05/2003