Вы находитесь на странице: 1из 6

PUBLIC

Information Security Document


Information Backup
And Restore
Policy
Version 3.0
Derbyshire County Council Information Backup & Restore Policy
1
PUBLIC
Version History
Version Date Detail Author
1.0 !"0#"011 Complete$ for $istribution %o &hite
1.0 '"0("011 )ppro*e$ by Information +o*ernance
+roup
%o &hite
.0 !"0("01 Re*ie,e$ by Information +o*ernance
+roup
%o &hite
#.0 #1"0!"01# Re*ie,e$ by Information +o*ernance
+roup
%o &hite
his document has !een prepared usin" the follo#in" IS$%&00' standard controls as reference(
IS$ )ontrol Description
).-..1 Classification .ui$elines
)./.1.1 0 ! 1ecure areas
)./..' 1ecure $isposal or reuse of e2uipment
).10.1.1 Documente$ operatin. proce$ures
).10.1.# 1e.re.ation of $uties
).10.!.1 Information backup
).10.-.1 3ana.ement of remo*able me$ia
).10.-. Disposal of me$ia
).10.4.# Physical me$ia in transit
Derbyshire County Council Information Backup & Restore Policy
2
PUBLIC
' Introduction
Derbyshire County Council has a $uty to ensure that all information an$ $ata ,hich it
is responsible for is securely an$ routinely backe$ up. 5he Council has a
responsibility to ensure that information an$ $ata ,hich has been backe$ up can be
restore$ in the e*ent of $eletion6 loss6 corruption6 $ama.e or ma$e una*ailable $ue
to unforeseen circumstances.
% Purpose
5he purpose of this policy is to i$entify an$ establish processes6 proce$ures an$
.oo$ ,orkin. practices for the backup an$ timely reco*ery of the Council7s
information an$ $ata e8istin. in both electronic an$ physical form.
3 Scope
5he scope of this policy e8ten$s to the back9up of all important information an$ $ata
re.ar$less of the form it takes 9 inclu$in. the reco*ery of I5 systems an$ supportin.
infrastructure.
* Policy Statement
5here is al,ays a risk that systems an$"or proce$ures ,ill fail resultin. in loss of
access to information6 $ata an$ systems6 $espite the implementation of best practice.
5he follo,in. steps ,ill help ensure the Council7s information an$ $ata is backe$ up
an$ restore$ securely in the most efficient manner possible:
I5 1;15<31"D)5) B)C=UP1
1. 5he Council7s I5 a$ministrators are responsible for pro*i$in. system support an$
$ata backup tasks an$ must ensure that a$e2uate backup an$ system reco*ery
practices6 processes an$ proce$ures are follo,e$ in line ,ith the Council7s
Disaster Reco*ery Proce$ures an$ $epartmental $ata retention policies
. )ll I5 backup an$ reco*ery proce$ures must be $ocumente$6 re.ularly re*ie,e$
an$ ma$e a*ailable to traine$ personnel ,ho are responsible for performin. $ata
an$ I5 system backup an$ reco*ery
#. )ll $ata6 operatin. systems"$omain infrastructure state $ata an$ supportin.
system confi.uration files must be systematically backe$ up 9 inclu$in. patches6
fi8es an$ up$ates ,hich may be re2uire$ in the e*ent of system re9installation
an$"or confi.uration
(. )ll backup me$ia must be encrypte$ an$ appropriately labele$ ,ith $ate"s an$
co$es"markin.s ,hich enables easy i$entification of the ori.inal source of the
$ata an$ type of backup use$ on the me$ia. )ll encryption keys shoul$ be kept
securely at all times ,ith clear proce$ures in place to ensure that backup me$ia
can be promptly $ecrypte$ in the e*ent of a $isaster
!. ) recor$in. mechanism must be in place an$ maintaine$ to recor$ all backup
information such as $epartment6 $ata location6 $ate6 type of backup >e...
Incremental6 ?ull etc@A inclu$in. any failures or other issues relatin. to the
backup Bob
'. Copies of backup me$ia must be remo*e$ from $e*ices as soon as possible
,hen a backup or restore has been complete$
-. Backup me$ia ,hich is retaine$ on9site prior to bein. sent for stora.e at a remote
location must be store$ securely in a locke$ safe an$ at a sufficient $istance
a,ay from the ori.inal $ata to ensure both the ori.inal an$ backup copies are not
compromise$
Derbyshire County Council Information Backup & Restore Policy
3
PUBLIC
4. )ccess to the on9site backup location an$ stora.e safe must be restricte$ to
authorise$ personnel only
/. )ll backups i$entifie$ for lon. term stora.e must be store$ at a remote secure
location ,ith appropriate en*ironmental control an$ protection to ensure the
inte.rity of all backup me$ia
10. Backup me$ia must be protecte$ in accor$ance ,ith the Council7s Physical an$
<n*ironmental an$ Data Protection an$ 3e$ia Can$lin. Policies
11. Car$ copy paper files containin. important information an$ $ata shoul$ be
scanne$ an$ store$ electronically to ensure $i.ital copies are create$ ,hich can
be backe$ up by the Council7s IC5 systems. &here this may not be possible6
photocopies of paper files must be ma$e an$ store$ in a secure stora.e location
1. Re.ular tests must be carrie$ out to establish the effecti*eness of the Council7s
backup an$ restore proce$ures by restorin. $ata"soft,are from backup copies
an$ analysin. the results. Departmental I5 1er*ice Relationship mana.ers shoul$
be pro*i$e$ ,ith information relatin. to any issues ,ith the backup testin. of their
$ata
1#. 5he 5ransformation 1er*ice shoul$ notify Departmental I5 1er*ice Relationship
3ana.ers ,hen backups fail D pro*i$in. information such as the backup Bob
$etail an$ reasons >if applicableA for the failure. ) recor$ must be maintaine$6
$etailin. the backup Bob failure inclu$in. any actions taken
1(. Backup $ata"me$ia no lon.er re2uire$ must be clearly marke$ an$ recor$e$ for
secure $isposal an$ ,ith $ue en*ironmental consi$eration >&aste6 <lectrical an$
<lectronic <2uipment 9 &<<< Directi*eA D more information is a*ailable on Dnet:
http:"",,,.$erbyshire..o*.uk",orkin.EforEus"$ata"ho,EtoE$isposeEofEconfi$enti
alEinformationEsafely"$efault.asp
U1<R R<1PFG1IBILI5I<1
I5 Users also ha*e a responsibility to ensure Council $ata is securely maintaine$ an$
is a*ailable for backup:
1. I5 Users must not store any $ata"files on the local $ri*e of a computer >this
e8clu$es the normal functionin. of the &in$o,s operatin. system an$ other
authorise$ soft,are ,hich re2uire the Hcachin.7 of files locally in or$er to
functionA. Instea$6 Users must sa*e $ata >filesA on their allocate$ areas D this
coul$ be an area ,ithin the <DR3 system6 a mappe$ $ri*e or net,ork share$
fol$er the User has access to. Data >filesA ,hich are store$ IlocallyJ ,ill GF5 be
backe$ up an$ ,ill therefore be at risk of e8posure6 $ama.e6 corruption or loss.
. If the Council net,ork becomes una*ailable for ,hate*er reason an$ $ata or
,ork is at risk of bein. lost6 users ha*e no option but to sa*e the $ata >filesA
locally >i.e. on the computer bein. use$A or on appro*e$ me$ia stora.e such as a
Council o,ne$ encrypte$ Data stick >U1B stora.eA. Fnce the Corporate Get,ork
becomes a*ailable a.ain6 $ata >filesA shoul$ be imme$iately transferre$ to the
Corporate net,ork in or$er for it to be backe$ up safely an$ local copies of $ata
on the computer or portable stora.e me$ia shoul$ be $elete$. 5his ,ill help to
ensure the a*ailability an$ inte.rity of $ata an$ to a*oi$ $uplicate copies of $ata
bein. store$
#. Fnly Council authorise$ encrypte$ U1B $ata sticks shoul$ be use$ an$ any $ata
store$ must be for temporary purposes. )ll sensiti*e6 business an$ personal
i$entifiable information shoul$ be remo*e$ from the U1B $ata stick an$ mo*e$ to
an appropriate Council $ata net,ork location as soon as possible in or$er to
ensure the $ata is ma$e a*ailable to the Council an$ can be successfully backe$
up
Derbyshire County Council Information Backup & Restore Policy
4
PUBLIC
(. 3obile phones must not be use$ to store sensiti*e6 business or personal
i$entifiable information. In the e*ent of unforeseen or una*oi$able situations
lea$in. to important $ata bein. store$ on mobile phones6 the $ata must be store$
to a suitable Council net,ork location an$ remo*e$ from the phone as soon as
possible.
D)5) R<15FR<1
5he Council has ,ell establishe$ backup an$ restore routines in place. Data >fileA
restores are normally carrie$ out by the 1er*er 1upport 5eam ,ho ,ill en$ea*our to
restore files from a $ate specifie$ by the user or from the nearest backe$ up $ate
1. I5 Users must re2uest $ata >filesA to be restore$ by contactin. the 5ransformation
1er*ice7s 1er*ice Desk. Fnly files ,hich the user is authorise$ to access ,ill be
pro*i$e$ from the restore
. 5he 5ransformation 1er*ice7s 1er*ice Desk ,ill nee$ to *erify that the User has
permission an$"or authorisation to *ie, or obtain restore$ copies of file"s an$"or
fol$er"s
#. Users re2uestin. a restore"s are re2uire$ to pro*i$e as much information about
the $ata >file"sA as necessary D this ,ill inclu$e:
5he reason for the restore
5he name of file"s an$"or fol$er"s to be restore$
Fri.inal location of file"s an$"or fol$er"s 9 the 1er*ice Desk ,ill pro*i$e
.ui$ance to the User on ho, to fin$ this out
Date6 $ay or time of $eletion"corruption or nearest appro8imation
5he last $ate6 $ay or time ,hich the User recalls the $ata >filesA bein.
intact an$ accesse$"use$ successfully
(. )ll backup an$ reco*ery >restoreA proce$ures must be $ocumente$ an$ ma$e
a*ailable to Data Centre personnel responsible for carryin. out $ata >fileA restores
!. Re2uests from thir$ party soft,are"har$,are *en$ors for file or system restores
for the purpose of system support6 maintenance6 testin. or other unforeseen
circumstance shoul$ be ma$e un$er the super*ision of the 1er*er 1upport 5eam
*ia the Council7s 5ransformation 1er*ice7s 1er*ice Desk
'. Personnel accessin. backup me$ia for the purpose of a restore must ensure that
any me$ia use$ is returne$ to a secure location ,hen no lon.er re2uire$ >applies
to me$ia from both Council an$ remote stora.e locationsA
-. ) lo. must be maintaine$ to recor$ the use of backup me$ia ,hene*er it has
been re2ueste$ an$"or use$ from secure stora.e
he Data )entre is a sensiti+e area and specific technical information
re"ardin" the detail of !ackup and restore procedures is held !y the Data
)entre ,ana"er
- Breaches $f Policy
Breaches of this policy an$"or security inci$ents can be $efine$ as e*ents ,hich
coul$ ha*e6 or ha*e resulte$ in6 loss or $ama.e to Council assets6 or an e*ent ,hich
is in breach of the Council7s security proce$ures an$ policies.
Derbyshire County Council Information Backup & Restore Policy
5
PUBLIC
)ll Council employees6 electe$ members6 partner a.encies6 contractors an$ *en$ors
ha*e a responsibility to report security inci$ents an$ breaches of this policy as
2uickly as possible throu.h the Council7s Inci$ent Reportin. Proce$ure. 5his
obli.ation also e8ten$s to any e8ternal or.anisation contracte$ to support or access
the Information 1ystems of the Council.
5he Council ,ill take appropriate measures to reme$y any breach of the policy an$
its associate$ proce$ures an$ .ui$elines throu.h the rele*ant frame,orks in place.
In the case of an in$i*i$ual then the matter may be $ealt ,ith un$er the $isciplinary
process.
This document forms part of the Council's ISMS Policy and as such, must be
fully complied with.
Derbyshire County Council Information Backup & Restore Policy
6

Вам также может понравиться