Adhering to requirements regarding data backups can significantly reduce the risk that data will be compromised or lost in the event of a disaster or other interruption of service. A Backup Operations Plan must be included in the Contingency Plan, as discussed in Section 3.5.3, Information Technology Contingency Planning.
DHS Policy
a. The policies in this document, including C&A requirements, apply to any devices that process or host DHS data.
b. Component ISSMs shall determine whether or not automated process devices should be included as part of an IT system’s C&A requirements.
Information and data backup responsibilities are provided below.
Information and Data Backup Responsibilities
ISSMs
• Establish and enforce backup policy.
• Provide technical expertise and evaluate the effectiveness of backup approaches.
Certifying Officials
• Ensure that a Backup Operations Plan is included in the Contingency Plan.
System Owners
• Ensure that a backup strategy and procedures are established, implemented, and tested in accordance with the contingency plan.
System/Network Administrators
• Ensure that regular (daily, weekly, monthly) backups are performed in accordance with system requirements.
• Ensure that analyses are performed to determine the volume of data to be backed up, frequency of data modifications and updates, and access needs of the user community.
• Maintain a proper rotation strategy for backups.
• Ensure that all backup tapes are properly labeled in accordance with the highest data sensitivity level assigned to the system.
• Ensure that on-site and off-site backup storage locations are available.
• Ensure that on-site backups are stored in fire and water-proof containers.
• Ensure that at least one backup copy of system software is retained off-site.
ISSOs
• Ensure that a Backup Operations Plan is included in the Contingency Plan.
• Ensure that the Backup Operations Plan is tested at least annually and more frequently if the risk and magnitude of loss is sufficient to warrant doing so. Ensure that timely corrective actions are taken to address deficiencies discovered during testing.
• Ensure that on-site and off-site backup storage locations are available, that on-site backups are stored in fire and water-proof containers and that at least one back-up copy of system software is retained off-site.
• Ensure that users are apprised of their responsibilities with regard to backing up any sensitive data residing on their hard drives.
• Review the Contingency Plan as part of the accreditation process.
• Ensure users and system administrators understand their responsibilities and are aware of negative impacts that can result from failing to adequately back up critical data.
• Ensure the Contingency Plan, including backup procedures, is tested at least annually and that timely corrective action is taken to address deficiencies discovered during testing.
• Ensure that all testing is formally documented and ensure that records are maintained as part of the system history.
Users
• Understand the critical nature of backing up sensitive data.
• Never keep critical data on individual hard drives unless a backup copy exists, preferably on the network.
• Keep supervisors apprised of projects in which critical data may not be adequately backed up.
Development of a data backup strategy begins early in the life cycle when the criticality/sensitivity of the system is first considered. The following factors (derived from the Risk Assessment and documented in the Contingency Plan) will drive the data backup strategy:
• Application restoration priorities based on DHS mission criticality
• The maximum amount of permissible downtime before DHS mission requirements are seriously degraded
• The amount of data updates that can be lost between a service interruption event and the last data backup
• The amount of changes in system configuration settings that can be lost between a service interruption event and the last data backup
• Interdependencies with other systems
• Who the system owners are
Elements that must be considered as part of the backup operations strategy include:
• Specific needs of the site
• People, their roles, responsibilities, and skill levels
• Hardware requirements
• Communications considerations
• Supplies required
• Location and availability of an alternate processing site
• Transportation requirements
• Space requirements of the recovery site
• Power and environmental requirements
• Backup documentation requirements.
The frequency of backups will depend upon how often the data processed by the system(s) changes and how important those changes are. Again, the risk assessment will drive this element of the backup strategy. Data backups need to be stored both on-site and off-site, in a secure facility, in fireproof and waterproof containers.
Data backup and restoration procedures must be tested at least quarterly as an integral part of testing the overall Contingency Plan. This will include testing backup copies to make sure they are actually usable for restoration. More frequent testing may be required commensurate with the risk and magnitude of loss or harm that could result from disruption of information processing support. Testing helps ensure that each person with data backup responsibilities understands and is able to technically fulfill his or her backup and recovery duties. Testing of data backup and restoration procedures needs to be formally documented and records of testing need to be retained as part of the system history.
The same principles that govern backup of system data also apply to individual users. Virtually all DHS employees and contractors will frequently possess critical sensitive data that resides on hard drives on Government-owned personal computers or laptops. Hard drive crashes combined with a failure to save critical files can result in a negative impact to the DHS mission or, at a minimum, result in additional costs and lost time to recover or duplicate lost data. Critical data should never be kept on individual hard drives unless a backup copy exists. The backup should preferably be stored on a network drive where frequent backups are made. DHS system administrators do not have the responsibility or the resources to assist users in recovering lost data resulting from hard drive crashes unless the system owner deems that said data is critical to a DHS mission.