Example of a data backup policy and procedure
March 1st, 2010A good backup policy starts with a clear objective such as, – The Company’s Data Backup is the responsibility of the relevant user, department manager or asset owner, who must define which data/information are to be backed up, the Recovery Point Objective (RTO) and the Retention Time (RT). The RPOs and RTs must be updated on regular basis. All backed-up data/information should be stored both locally and off-site on backup media such as, tapes and must be encrypted using adequate encryption methods.
The best way to turn any policy into practice is by defining every single step required to achieve the statement goals. The main entities mentioned in the above statement are data requirements (RTO and RT elements), data owners and users, off-site storage and security. Such statement does not define specific technical details such as, data integrity checks and jobs schedules, however, it is important to include these steps without details in your procedure. Another procedure or document would be needed to show such details. Remember, that policy statements are initiated by a member of senior management and need to be implemented by lower levels in the hierarchy of the organization. Furthermore, such procedure in the form of a flow-chart should be understandable by senior management, otherwise they would be reluctant to approve.
