WHAT COULD BE AN

EFFECTIVE NETWORK
DATA BACK-UP POLICY?
 PRESENTED BY:
SANDE DAVID
Reg.No:07/U/8577/ITD/GV
Kyambogo University
Kampala, Uganda

2
 Introduction
• A back-up refers to making copies of data so that these
additional copies may be used to restore the original
after a data lose event. These copies of the original file
must be on another location/site usually offline.
• Back-ups are used primarily for two purposes
1.To restore a computer to an operational state following
a disaster (called disaster recovery).
2.To restore small numbers of files after they have been
accidentally deleted or corrupted.

3
 Introduction cont’d
• Archive - The saving of old or unused files
onto magnetic tape or other offline mass
storage media for the purpose of releasing
on-line storage room.

• There are 4 types of back-ups

I. Full + Differential back-up
II.Full + incremental back-up
III.Unstructured back-up
IV.Mirror and reverse incremental back-up

4
 Scope
• This back-up policy include all the staff of any
organization and third parties who may be connected
to the organization's IT resources.
• All users are responsible for arranging adequate data
backup procedures for the data held on IT systems
assigned to them
• The disaster recovery procedures in this policy apply to
all Network Managers, System Administrators, and
Application Administrators who are responsible for
systems or for a collection of data held either remotely
on a server or on the hard disk of a computer.

5
 Responsibility for Data
backup.
• Only critical systems are routinely
backed up by Information Systems
Services and the other relevant IT
managers and Systems administrators in
the current model. The responsibility for
backing up data held on the workstations
of individuals regardless of whether they
are owned privately or by the
organization falls entirely to the User.

6
 Responsibility cont’d
• If you are responsible for a collection of data held
either remotely on a server or on the hard disk of a
computer, you should consult your departmental
system administrator or Information Systems
Services about local back-up procedures. If you do
not use the facilities provided by Information
Systems Services or those of your department you
should put in place your own procedures.

7
 Best Practice Backup
Procedures
• All backups must conform to the following best
practice procedures:
1. All data, operating systems and utility files
must be adequately and systematically backed
up (Ensure this includes all patches, fixes and
updates.
2. Records of what is backed up and to where
must be maintained.

8
 Procedures cont’d
3. Records of software licensing should be
backed up.
4. At least three generations of back-up data
must be retained at any one time.
5. Copies of the back-up media, together with
the back-up record, should be stored safely
in a remote location, at a sufficient
distance away to escape any damage from
a disaster at the main site.

9
 Procedures cont’d
6. Regular tests of restoring
data/software from the backup copies
should be undertaken, to ensure that
they can be relied upon for use in an
emergency.
7.The initial backup for each client
(agency server) is a full backup.

10
 Procedures cont’d
8. Daily incremental backups are performed after the
initial full backup. Only data files that have changed
since the previous backup will be backed up.
9. The most recent backup version of a data file on the
server is stored in an active state.
10.Older versions of data file backups will be stored in
an inactive state on the server.

11
 Procedures cont’d
11.Archives of data files are performed
once a month (dates can vary to avoid
scheduling conflicts) on all servers and
retained for a year.
12.If a file or directory is modified or open
during the backup cycle, it is not
backed up.

12
 Legal Requirements
• Users when formulating a backup
strategy should take the following legal
implications into consideration:
1.Where data held is personal data within
the meaning of the Data Protection Act,
there is a legal requirement to ensure
that such back-ups are adequate for the
purpose of protecting that data.

13
Legal requirements cont’d
2. Depending on legal or other requirements, e.g.
Financial Regulations, it may be necessary to retain
essential business data for a number of years and
for some archive copies to be permanently retained.
3. Depending on legal or other requirements, e.g. Data
Protection Act, Software Licensing, it may be
necessary to destroy all backup copies of data after
a certain period or at the end of a contract.

14
 Disaster Recovery

• A disaster recovery plan can be defined

as the on-going process of planning
developing and implementing disaster
recovery management procedures and
processes to ensure the efficient and
effective resumption of vital
Organization’s functions in the event of
an unscheduled interruption.

15
 Best Practice Disaster
Recovery Procedures
• All disaster recovery plans must contain
the following key elements:
• Critical Application Assessment
• Backup Procedures
• Recovery Procedures
• Implementation Procedures
• Test Procedures
• Plan Maintenance

16
 Conclusion
• An effective back-up policy usually concerns
itself with both aspects of Disaster recovery as
well as Data recovery as the two are
inherently bound together.
• The policy outlines the scope of the policy, the
basic procedures, the legal requirements, and
details of how the procedures are enforced in
order to have a fully functional and effective
back-up policy.

17
 References
1. Surfed internet on 12/11/2009 at 2.30pm
URL:http://oti.fsu.edu/oti_pdf/Information
%20Technology%20Disaster%20Recovery%20and
%20Data%20Backup%20Policy.pdf
2. Surfed internet on 12/11/2009 at 2.30pm

URL:http://www.worcester.ac.uk/ils/documents/ILS_
backup_policy.pdf

18
 References cont’d
3. Surfed internet on 12/11/2009 at
2.30pm
URL: http://www.hawaii.edu/askus/501
4. Information Security Supporting Policy
19“008 Disaster Recovery and Data
Backup Policy”, Trinity College Dublin.
Author: IT Security Officer
Last Revision Date: 29/05/2003

19