WHAT COULD BE AN
EFFECTIVE NETWORK
DATA BACK-UP POLICY?
PRESENTED BY:
SANDE DAVID Reg.No:07/U/8577/ITD/GV
Kyambogo University Kampala, Uganda
Introduction
• A back-up refers to making copies of data so that these additional copies may be used to restore the original after a data lose event. These copies of the original file must be on another location/site usually offline.
• Back-ups are used primarily for two purposes
1.To restore a computer to an operational state following a disaster (called disaster recovery).
2.To restore small numbers of files after they have been accidentally deleted or corrupted.
Introduction cont’d
• Archive - The saving of old or unused files onto magnetic tape or other offline mass storage media for the purpose of releasing on-line storage room.
• There are 4 types of back-ups I. Full + Differential back-up
II.Full + incremental back-up III.Unstructured back-up
Scope
• This back-up policy include all the staff of any
organization and third parties who may be connected to the organization's IT resources.
• All users are responsible for arranging adequate data backup procedures for the data held on IT systems assigned to them
• The disaster recovery procedures in this policy apply to all Network Managers, System Administrators, and
Application Administrators who are responsible for
systems or for a collection of data held either remotely on a server or on the hard disk of a computer.
Responsibility for Data
backup.
• Only critical systems are routinely backed up by Information Systems Services and the other relevant IT
managers and Systems administrators in the current model. The responsibility for backing up data held on the workstations of individuals regardless of whether they are owned privately or by the
Responsibility cont’d
• If you are responsible for a collection of data held either remotely on a server or on the hard disk of a computer, you should consult your departmental system administrator or Information Systems
Services about local back-up procedures. If you do not use the facilities provided by Information
Systems Services or those of your department you should put in place your own procedures.
Best Practice Backup
Procedures
• All backups must conform to the following best practice procedures:
1. All data, operating systems and utility files
must be adequately and systematically backed up (Ensure this includes all patches, fixes and updates.
2. Records of what is backed up and to where must be maintained.
Procedures cont’d
3. Records of software licensing should be backed up.
4. At least three generations of back-up data must be retained at any one time.
5. Copies of the back-up media, together with the back-up record, should be stored safely in a remote location, at a sufficient
distance away to escape any damage from a disaster at the main site.
Procedures cont’d
6. Regular tests of restoringdata/software from the backup copies should be undertaken, to ensure that they can be relied upon for use in an emergency.
7.The initial backup for each client (agency server) is a full backup.
Procedures cont’d
8. Daily incremental backups are performed after the initial full backup. Only data files that have changed since the previous backup will be backed up.
9. The most recent backup version of a data file on the server is stored in an active state.
10.Older versions of data file backups will be stored in an inactive state on the server.
Procedures cont’d
11.Archives of data files are performed once a month (dates can vary to avoid scheduling conflicts) on all servers and retained for a year.
12.If a file or directory is modified or open during the backup cycle, it is not
Legal Requirements
• Users when formulating a backup
strategy should take the following legal implications into consideration:
1.Where data held is personal data within the meaning of the Data Protection Act, there is a legal requirement to ensure
that such back-ups are adequate for the purpose of protecting that data.
Legal requirements cont’d
2. Depending on legal or other requirements, e.g.Financial Regulations, it may be necessary to retain essential business data for a number of years and for some archive copies to be permanently retained. 3. Depending on legal or other requirements, e.g. Data
Protection Act, Software Licensing, it may be
necessary to destroy all backup copies of data after a certain period or at the end of a contract.
Disaster Recovery
• A disaster recovery plan can be defined as the on-going process of planning
developing and implementing disaster recovery management procedures and processes to ensure the efficient and effective resumption of vital
Organization’s functions in the event of an unscheduled interruption.
Best Practice Disaster
Recovery Procedures
• All disaster recovery plans must contain the following key elements:
• Critical Application Assessment • Backup Procedures
• Recovery Procedures
• Implementation Procedures • Test Procedures
Conclusion
• An effective back-up policy usually concerns itself with both aspects of Disaster recovery as well as Data recovery as the two are
inherently bound together.
• The policy outlines the scope of the policy, the basic procedures, the legal requirements, and details of how the procedures are enforced in order to have a fully functional and effective back-up policy.
References
1. Surfed internet on 12/11/2009 at 2.30pm URL:http://oti.fsu.edu/oti_pdf/Information %20Technology%20Disaster%20Recovery%20and %20Data%20Backup%20Policy.pdf 2. Surfed internet on 12/11/2009 at 2.30pm URL:http://www.worcester.ac.uk/ils/documents/ILS_ backup_policy.pdfReferences cont’d
3. Surfed internet on 12/11/2009 at 2.30pm
URL: http://www.hawaii.edu/askus/501 4. Information Security Supporting Policy
19“008 Disaster Recovery and Data Backup Policy”, Trinity College Dublin. Author: IT Security Officer
