Backup Policy

Introduction
Backups are an important aspect of business continuity in the event of accidental loss, intentional malice (eg ransomware), and disaster recovery.

Objective
To protect against the loss or corruption of data.

Scope
This policy applies to all staff and company information systems or cloud-based services hosting company data. Staff are responsible for storing company information on the network. System administrators are responsible for ensuring appropriate backup and restore procedures.

Policy

• All company information, software and systems should be backed up regularly.
• Backups should be restored and tested regularly to ensure reliability.
• Backups should be adequately protected and stored offsite.
• Logs should be maintained to verify backup and restore procedures.
• Backups should be encrypted if possible.
• Backups should comply with the data retention policy.
• Backups should prevent the loss of no more than 8 hours of data.
• In case of disaster, backups should enable the restore of critical systems and services within 24 hours.

References
Information Classification Policy
Data Retention Policy
Business Continuity Plan