Backup & Recovery of Data
Standard and Process
Data (including databases) must be recoverable based on business need. If the data is available from an original source (which is backed up) and can be replicated from that source, data backups may not be needed. Physical security of backups must be maintained and periodically reviewed to meet compliance or regulatory requirements.
IT staff are responsible for working with users and data owners to develop data backup and recovery plans for University data and to designate facilities or locations for storing backups.
Users and data owners are responsible for working with IT staff to understand and follow the data backup plan, secure storage practices and recovery options for the data they store.
- This standard is based on the principles of ISO/IEC 27002:2005.
Document Owner: University Information Security
Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect
Effective Date: August 2010
Last Reviewed Date: November 2014