Information Backup And Restore Policy Version 3.0 Derbyshire County Council Information Backup & Restore Policy 1 PUBLIC Version History Version Date Detail Author 1.0 !"0#"011 Complete$ for $istribution %o &hite 1.0 '"0("011 )ppro*e$ by Information +o*ernance +roup %o &hite .0 !"0("01 Re*ie,e$ by Information +o*ernance +roup %o &hite #.0 #1"0!"01# Re*ie,e$ by Information +o*ernance +roup %o &hite his document has !een prepared usin" the follo#in" IS$%&00' standard controls as reference( IS$ )ontrol Description ).-..1 Classification .ui$elines )./.1.1 0 ! 1ecure areas )./..' 1ecure $isposal or reuse of e2uipment ).10.1.1 Documente$ operatin. proce$ures ).10.1.# 1e.re.ation of $uties ).10.!.1 Information backup ).10.-.1 3ana.ement of remo*able me$ia ).10.-. Disposal of me$ia ).10.4.# Physical me$ia in transit Derbyshire County Council Information Backup & Restore Policy 2 PUBLIC ' Introduction Derbyshire County Council has a $uty to ensure that all information an$ $ata ,hich it is responsible for is securely an$ routinely backe$ up. 5he Council has a responsibility to ensure that information an$ $ata ,hich has been backe$ up can be restore$ in the e*ent of $eletion6 loss6 corruption6 $ama.e or ma$e una*ailable $ue to unforeseen circumstances. % Purpose 5he purpose of this policy is to i$entify an$ establish processes6 proce$ures an$ .oo$ ,orkin. practices for the backup an$ timely reco*ery of the Council7s information an$ $ata e8istin. in both electronic an$ physical form. 3 Scope 5he scope of this policy e8ten$s to the back9up of all important information an$ $ata re.ar$less of the form it takes 9 inclu$in. the reco*ery of I5 systems an$ supportin. infrastructure. * Policy Statement 5here is al,ays a risk that systems an$"or proce$ures ,ill fail resultin. in loss of access to information6 $ata an$ systems6 $espite the implementation of best practice. 5he follo,in. steps ,ill help ensure the Council7s information an$ $ata is backe$ up an$ restore$ securely in the most efficient manner possible: I5 1;15<31"D)5) B)C=UP1 1. 5he Council7s I5 a$ministrators are responsible for pro*i$in. system support an$ $ata backup tasks an$ must ensure that a$e2uate backup an$ system reco*ery practices6 processes an$ proce$ures are follo,e$ in line ,ith the Council7s Disaster Reco*ery Proce$ures an$ $epartmental $ata retention policies . )ll I5 backup an$ reco*ery proce$ures must be $ocumente$6 re.ularly re*ie,e$ an$ ma$e a*ailable to traine$ personnel ,ho are responsible for performin. $ata an$ I5 system backup an$ reco*ery #. )ll $ata6 operatin. systems"$omain infrastructure state $ata an$ supportin. system confi.uration files must be systematically backe$ up 9 inclu$in. patches6 fi8es an$ up$ates ,hich may be re2uire$ in the e*ent of system re9installation an$"or confi.uration (. )ll backup me$ia must be encrypte$ an$ appropriately labele$ ,ith $ate"s an$ co$es"markin.s ,hich enables easy i$entification of the ori.inal source of the $ata an$ type of backup use$ on the me$ia. )ll encryption keys shoul$ be kept securely at all times ,ith clear proce$ures in place to ensure that backup me$ia can be promptly $ecrypte$ in the e*ent of a $isaster !. ) recor$in. mechanism must be in place an$ maintaine$ to recor$ all backup information such as $epartment6 $ata location6 $ate6 type of backup >e... Incremental6 ?ull etc@A inclu$in. any failures or other issues relatin. to the backup Bob '. Copies of backup me$ia must be remo*e$ from $e*ices as soon as possible ,hen a backup or restore has been complete$ -. Backup me$ia ,hich is retaine$ on9site prior to bein. sent for stora.e at a remote location must be store$ securely in a locke$ safe an$ at a sufficient $istance a,ay from the ori.inal $ata to ensure both the ori.inal an$ backup copies are not compromise$ Derbyshire County Council Information Backup & Restore Policy 3 PUBLIC 4. )ccess to the on9site backup location an$ stora.e safe must be restricte$ to authorise$ personnel only /. )ll backups i$entifie$ for lon. term stora.e must be store$ at a remote secure location ,ith appropriate en*ironmental control an$ protection to ensure the inte.rity of all backup me$ia 10. Backup me$ia must be protecte$ in accor$ance ,ith the Council7s Physical an$ <n*ironmental an$ Data Protection an$ 3e$ia Can$lin. Policies 11. Car$ copy paper files containin. important information an$ $ata shoul$ be scanne$ an$ store$ electronically to ensure $i.ital copies are create$ ,hich can be backe$ up by the Council7s IC5 systems. &here this may not be possible6 photocopies of paper files must be ma$e an$ store$ in a secure stora.e location 1. Re.ular tests must be carrie$ out to establish the effecti*eness of the Council7s backup an$ restore proce$ures by restorin. $ata"soft,are from backup copies an$ analysin. the results. Departmental I5 1er*ice Relationship mana.ers shoul$ be pro*i$e$ ,ith information relatin. to any issues ,ith the backup testin. of their $ata 1#. 5he 5ransformation 1er*ice shoul$ notify Departmental I5 1er*ice Relationship 3ana.ers ,hen backups fail D pro*i$in. information such as the backup Bob $etail an$ reasons >if applicableA for the failure. ) recor$ must be maintaine$6 $etailin. the backup Bob failure inclu$in. any actions taken 1(. Backup $ata"me$ia no lon.er re2uire$ must be clearly marke$ an$ recor$e$ for secure $isposal an$ ,ith $ue en*ironmental consi$eration >&aste6 <lectrical an$ <lectronic <2uipment 9 &<<< Directi*eA D more information is a*ailable on Dnet: http:"",,,.$erbyshire..o*.uk",orkin.EforEus"$ata"ho,EtoE$isposeEofEconfi$enti alEinformationEsafely"$efault.asp U1<R R<1PFG1IBILI5I<1 I5 Users also ha*e a responsibility to ensure Council $ata is securely maintaine$ an$ is a*ailable for backup: 1. I5 Users must not store any $ata"files on the local $ri*e of a computer >this e8clu$es the normal functionin. of the &in$o,s operatin. system an$ other authorise$ soft,are ,hich re2uire the Hcachin.7 of files locally in or$er to functionA. Instea$6 Users must sa*e $ata >filesA on their allocate$ areas D this coul$ be an area ,ithin the <DR3 system6 a mappe$ $ri*e or net,ork share$ fol$er the User has access to. Data >filesA ,hich are store$ IlocallyJ ,ill GF5 be backe$ up an$ ,ill therefore be at risk of e8posure6 $ama.e6 corruption or loss. . If the Council net,ork becomes una*ailable for ,hate*er reason an$ $ata or ,ork is at risk of bein. lost6 users ha*e no option but to sa*e the $ata >filesA locally >i.e. on the computer bein. use$A or on appro*e$ me$ia stora.e such as a Council o,ne$ encrypte$ Data stick >U1B stora.eA. Fnce the Corporate Get,ork becomes a*ailable a.ain6 $ata >filesA shoul$ be imme$iately transferre$ to the Corporate net,ork in or$er for it to be backe$ up safely an$ local copies of $ata on the computer or portable stora.e me$ia shoul$ be $elete$. 5his ,ill help to ensure the a*ailability an$ inte.rity of $ata an$ to a*oi$ $uplicate copies of $ata bein. store$ #. Fnly Council authorise$ encrypte$ U1B $ata sticks shoul$ be use$ an$ any $ata store$ must be for temporary purposes. )ll sensiti*e6 business an$ personal i$entifiable information shoul$ be remo*e$ from the U1B $ata stick an$ mo*e$ to an appropriate Council $ata net,ork location as soon as possible in or$er to ensure the $ata is ma$e a*ailable to the Council an$ can be successfully backe$ up Derbyshire County Council Information Backup & Restore Policy 4 PUBLIC (. 3obile phones must not be use$ to store sensiti*e6 business or personal i$entifiable information. In the e*ent of unforeseen or una*oi$able situations lea$in. to important $ata bein. store$ on mobile phones6 the $ata must be store$ to a suitable Council net,ork location an$ remo*e$ from the phone as soon as possible. D)5) R<15FR<1 5he Council has ,ell establishe$ backup an$ restore routines in place. Data >fileA restores are normally carrie$ out by the 1er*er 1upport 5eam ,ho ,ill en$ea*our to restore files from a $ate specifie$ by the user or from the nearest backe$ up $ate 1. I5 Users must re2uest $ata >filesA to be restore$ by contactin. the 5ransformation 1er*ice7s 1er*ice Desk. Fnly files ,hich the user is authorise$ to access ,ill be pro*i$e$ from the restore . 5he 5ransformation 1er*ice7s 1er*ice Desk ,ill nee$ to *erify that the User has permission an$"or authorisation to *ie, or obtain restore$ copies of file"s an$"or fol$er"s #. Users re2uestin. a restore"s are re2uire$ to pro*i$e as much information about the $ata >file"sA as necessary D this ,ill inclu$e: 5he reason for the restore 5he name of file"s an$"or fol$er"s to be restore$ Fri.inal location of file"s an$"or fol$er"s 9 the 1er*ice Desk ,ill pro*i$e .ui$ance to the User on ho, to fin$ this out Date6 $ay or time of $eletion"corruption or nearest appro8imation 5he last $ate6 $ay or time ,hich the User recalls the $ata >filesA bein. intact an$ accesse$"use$ successfully (. )ll backup an$ reco*ery >restoreA proce$ures must be $ocumente$ an$ ma$e a*ailable to Data Centre personnel responsible for carryin. out $ata >fileA restores !. Re2uests from thir$ party soft,are"har$,are *en$ors for file or system restores for the purpose of system support6 maintenance6 testin. or other unforeseen circumstance shoul$ be ma$e un$er the super*ision of the 1er*er 1upport 5eam *ia the Council7s 5ransformation 1er*ice7s 1er*ice Desk '. Personnel accessin. backup me$ia for the purpose of a restore must ensure that any me$ia use$ is returne$ to a secure location ,hen no lon.er re2uire$ >applies to me$ia from both Council an$ remote stora.e locationsA -. ) lo. must be maintaine$ to recor$ the use of backup me$ia ,hene*er it has been re2ueste$ an$"or use$ from secure stora.e he Data )entre is a sensiti+e area and specific technical information re"ardin" the detail of !ackup and restore procedures is held !y the Data )entre ,ana"er - Breaches $f Policy Breaches of this policy an$"or security inci$ents can be $efine$ as e*ents ,hich coul$ ha*e6 or ha*e resulte$ in6 loss or $ama.e to Council assets6 or an e*ent ,hich is in breach of the Council7s security proce$ures an$ policies. Derbyshire County Council Information Backup & Restore Policy 5 PUBLIC )ll Council employees6 electe$ members6 partner a.encies6 contractors an$ *en$ors ha*e a responsibility to report security inci$ents an$ breaches of this policy as 2uickly as possible throu.h the Council7s Inci$ent Reportin. Proce$ure. 5his obli.ation also e8ten$s to any e8ternal or.anisation contracte$ to support or access the Information 1ystems of the Council. 5he Council ,ill take appropriate measures to reme$y any breach of the policy an$ its associate$ proce$ures an$ .ui$elines throu.h the rele*ant frame,orks in place. In the case of an in$i*i$ual then the matter may be $ealt ,ith un$er the $isciplinary process. This document forms part of the Council's ISMS Policy and as such, must be fully complied with. Derbyshire County Council Information Backup & Restore Policy 6
Harvesting Rainwater for Your Homestead in 9 Days or Less: 7 Steps to Unlocking Your Family's Clean, Independent, and Off-Grid Water Source with the QuickRain Blueprint