Backup Policy
Section of: Security Policies
Target Audience: Technical
Version: 1.5 2014
Page 1 of 5
1.0 Overview
A backup policy is similar to an insurance policy ‐ it provides the last line of defense against data loss and is sometimes the only way to recover from a hardware failure, data corruption, or a security incident. A backup policy is related closely to a disaster recovery policy, but since it protects against events that are relatively likely to occur, in practice it will be used more frequently than a contingency planning
document
Definitions
VCS is hereinafter referred to as Cloud Service Provider “CSP"
Customer is the name of the company information the CSP is providing services for
Partner is the name of the service provider helping the customer with Microsoft
Dynamics software installation, consulting and setup
2.0 Purpose
The purpose of this policy is to provide a consistent framework to apply to the backup process. The policy will provide specific information to ensure backups are available and useful when needed ‐ whether to simply recover a specific file or when a larger‐scale recovery effort is needed.
3.0 Scope
This policy applies to all data stored by CSP’s customers’ on a customer by customer basis. The policy covers such specifics standard backups, optional advanced backups, the type of data to be backed up, frequency of backups, storage of backups, retention of backups, and restoration procedures.
4.0 Policy
4.1 Identification of Critical Data
The company must identify what data is most critical to its organization. This can be done through a formal data classification process or through an informal review of information assets. Regardless of the method, critical data should be identified by our Customers or partners so that it can be given the highest priority during the backup process and set in to a backup verification check and backup notifications can be sent to the customer if the customer opts for an advanced backup solution.
Backup Policy
Section of: Security Policies
Target Audience: Technical
Version: 1.5 2014
Page 2 of 5
4.2 Data to be Backed Up
A backup policy must balance the importance of the data to be backed up with the burden such backups place on the users, network resources, and the backup administrator. Data to be backed up will include:
• Customer should determine all data determined to be critical to company operation and/or employee job function else the entire server systems for the customer will be backed up in bulk. • All information stored on the Customer file server(s) and email server(s). It is the user's
responsibility to determine if they wish to store files on the CSP file server.
• All information stored on network servers, which may include web servers, database servers, domain controllers, firewalls, and remote access servers, etc.
4.3
Standard
Backup
Policy
Standard Backups are done nightly for the following items and replicated to a second datacenter: all of the files, Virtual Machines, Email, application specific data, and SQL server data files. Customer’s data will be held at the offsite location for a period of 30 days. Customers can request additional backups. Customer can file a request to recover any data up to 30 days, provided that they are a customer in good standing. Customer requests to download or recover backup files are limited to once per quarter with the exception of a service termination. The data of a customer terminating their service, shall be stored for a period of 30 days post contract termination.
A default SQL service maintenance plan is configured by CSP at the time of system provision ONLY to create a flat file level backup nightly and truncate logs weekly. Customers may elect to add the following to the SQL maintenance plan: a shrink database, SQL log purge, re‐index or modify the SQL maintenance plan. CSP’s Customers may elect to add additional backup plans at any time for the SQL server, storing the backups on the servers D:\ drive under a standard folder location named backups. Standard backup storage limits are set to the amount of disk space allocated at the time of provisioning plus the amount of storage required to store for thirty (30) days.
4.4 Advanced Backup Policy
Backup Policy
Section of: Security Policies
Target Audience: Technical
Version: 1.5 2014
Page 3 of 5
4.4.1
Customer
Backup
Portal
Secure
Login
Direct
Access
to
SQL
Server
Backups
Direct
Access
to
User
Profiles
including
My
Documents
Unlimited
Download
files
Delete
old
backups
Customer
Notifications
on
backup
completion
4.4.2
Daily
verification
of
SQL
maintenance
plan.
If the SQL maintenance plan fails the customer is notified and support is notified.
4.4.3
Additional
Backup
Storage
Up to 150GB of disk backup storage included. Additional storage charged on a per GB basis.
4.4.4
Backup
Rotation
Customer may elect to allow backups to overwrite the oldest backup in order prevent storage overages.
Backup
Retention
4.4.5
Custom
Unlimited
Retention
Policy
Customers my set their own retention policy as needed for what every period they want as long as it does not exceed the total backup storage limits. For advanced backup we recommend:
• Intra Daily Snapshots (varies by data criticality)
• Standard: 7 Daily, 4 weekly and thereafter monthly snapshots • Stored for up to 7 years or 30 days past termination of service
4.5 Standard Backup Frequency
Backup frequency is critical to successful data recovery. The CSP has determined that the
following backup schedule will allow for sufficient data recovery in the event of an incident,
while avoiding an undue burden on the users, network, and backup administrator. Used
for all customers except for those on the advanced plan.4.5.1
Exchange
Mailbox
Data
• Full Mailbox / Mail Store backups daily
4.5.2
SQL
Database
Data
Backup Policy
Section of: Security Policies
Target Audience: Technical
Version: 1.5 2014
Page 4 of 5
• Hourly (1, 2, 4) Transactional backups provided only upon request at initial setup
4.5.3
SQL
Maintenance
Job
Log
• Log Maintenance set to purge older than 12 months
4.5.4
Application
Specific
Data
Application Specific Data should be stored on the customer D:\ drive.
4.5.5
User
File
Directories
User specific directories include User, My Documents, Applications Data, and roaming Profile Customer default Shared Directory (Common)
• Full Weekly directory backup
4.5.6
Virtual
Server
Images
Virtual Server Images include the systems OS and software applications and all supporting server images required to run that server environment
• Full Weekly directory backup
4.6 Advanced Backup Frequency
Backup frequency is critical to successful data recovery. The CSP allows for a customer
determined backup schedule will allow for sufficient data recovery in the event of an incident,
while avoiding an undue burden on the users, network, and backup administrator.
6.0 Definitions
Backup To copy data to a second location, solely for the purpose of safe keeping of that data.
Backup Media any storage devices that are used to maintain data for backup purposes. These are often magnetic tapes, CDs, DVDs, or hard drives.
Backup Policy
Section of: Security Policies
Target Audience: Technical
Version: 1.5 2014
Page 5 of 5
Full Backup A backup that makes a complete copy of the target data.
Incremental Backup A backup that only backs up files that have changed in a designated time period, typically since the last backup was run.
Restoration Also called "recovery." The process of restoring the data from its backup‐up state to its normal state so that it can be used and accessed in a regular manner.
