UNSW@ADFA Backup Policy09112008

7/29/2019 UNSW@ADFA Backup Policy09112008

1/4

Page 1 of 4UNSW@ADFA DATA BACKUP POLICY Date Effective: 09/11/2008

Version: [0.2: 04/10/2007]

DATA BACKUP POLICY

UNSW@ADFA PolicyDocument Number UNSWADFA001

Responsible Officer Manager, ICTS

Contact OfficerICTS Infrastructure Support Services Manager.(email via ICTS Service Desk/ phone 02 6268 8140)

Authorisation IT Infrastructure Advisory Committee Date:xxxxxEffective Date 9 November 2008

ModificationsSuperseded Documents New policyReview Commencement Date Twelve months from commencement date

Associated DocumentsUNSW Electronic Record-Keeping Policywww.infonet.unsw.edu.au/poldoc/electronic_recordkeeping.htm

1.

Preamble1.1 Purpose

The purpose of this policy is to define the need for performing periodic computer systembackups to ensure that mission critical administrative applications, system data andarchives, users' data and archives are adequately preserved and protected against dataloss and destruction.

1.2 BackgroundData can be destroyed by system malfunction or accidental or intentional means.Adequate backups allow data to be readily recovered as necessary. The ongoingavailability of University data is critical to the operation of the institution. In order to

minimise any potential loss or corruption of this data, units responsible for providing andoperating administrative applications or file storage services need to ensure that data isadequately backed up by establishing and following an appropriate system backupprocedure.

Having a streamlined data backup policy is fundamental to the formation of an effectiveBusiness Continuity Plan (BCP).

2. ScopeData custodians are responsible for providing adequate backups to ensure the recovery ofelectronic information (includes UNSW@ADFA data and software) in the event of failure.These backup provisions allow University business processes, including the research

enterprise to be resumed in a reasonable amount of time with minimal loss of data. Sincefailures can take many forms, and may occur over time, multiple generations of backupsshould be maintained.

3. DefinitionsAdministrative Applications, Data and Archives: is the collection of data elements which arerelevant to the operations, plans, or management of one or more UNSW@ADFA Schools orCentres.

Users' Data and Archives: is the collection of users' data elements located either on desktopequipment or fileservers.

System Backup: a documented procedure for copying applications software and data files that

reside on computer disks to a portable medium (such as tape or diskette) or to a medium that isphysically remote from the originating system.
http://www.infonet.unsw.edu.au/poldoc/electronic_recordkeeping.htmhttp://www.infonet.unsw.edu.au/poldoc/electronic_recordkeeping.htmhttp://www.infonet.unsw.edu.au/poldoc/electronic_recordkeeping.htm


2/4

Page 2 of 4

UNSW@ADFA DATA BACKUP POLICY Date Effective: 09/11/2008Current Version: [v0.2, 04/10/2007]

Data Custodian: for the purposes of this policy, a Data Custodian shall be the officer ultimatelyresponsible for the delivery of Information Technology resources to a School or Centre.

Three Generation: There are media and storage costs associated with backups. Backup sets donot need to be kept forever and the media is reusable.

A popular media rotation plan is called Generation. Using this plan media is kept for threebackup cycles. Backups are made on media called son. During each backup cycle, thegenerations increment; son sets become father sets, father sets become grandfather sets. The

grandfather sets are rotated, reused and become son sets.Backup Types:

Full Backup: A Full Backup creates a copy of every file on a storage device. This is absolutelythe most complete, comprehensive, and fool-proof type of backup. It is also the most costly interms of effort, time and dollar output.

Partial Backup: A Partial Backup creates a copy of selected files on a storage device. The userselects which files to backup and which to skip. This can be almost as comprehensive as a fullbackup since there are many files that have absolutely no long-term value. Files with no long-term value include temporary files and cache files that can take up many megabytes of diskspace.

Incremental Backup: An Incremental Backup creates a copy of files that have changed

(modified, added to, or created) since the last backup was performed. This method can be usedin conjunction with full and partial backups to maximise protection and minimise cost.

Differential Backup: A Differential Backup creates a copy of files that have changed (modified,added to, or created) since a specific date and time. This method is also used in conjunctionwith full and partial backups to maximise protection and minimise cost.

4. Policy Statement Backups of all UNSW@ADFA data and software must be retained such that

computer operating systems and applications are fully recoverable. This may beachieved using a combination of image copies, incremental backups, differentialbackups, transaction logs, or other techniques.

The frequency of backups is determined by the volatility of data; the retention periodfor backup copies is determined by the criticality of the data. At a minimum, backupcopies must be retained for 180 days.

At a minimum, one fully recoverable version of all data must be stored in a secure,off-site location. An off-site location may be in a secure space in a separateUniversity building, or with an off-site storage vendor approved by the Manager,ICTS. The practice of taking backup media to the personal residence of staff is notacceptable.

Derived data should be backed up only if restoration is more efficient than creationin the event of failure.

All UNSW@ADFA information accessed from workstations, laptops, or otherportable devices should be stored on networked file server drives to allow for

backup. UNSW@ADFA information located directly on workstations, laptops, orother portable devices should be backed up to networked file server drives.Convenience data or other information which does not constitute UNSW@ADFAdata does not carry this requirement.

Required backup documentation includes identification of all critical data, programs,documentation, and support items that would be necessary to perform essential tasksduring a recovery period. Documentation of the restoration process must includeprocedures for the recovery from single-system or application failures, as well as fora total data centre disaster scenario, if applicable.

Backup and recovery documentation must be reviewed and updated regularly toaccount for new technology, business changes, and migration of applications toalternative platforms.

Recovery procedures must be tested on an annual basis.


3/4

Page 3 of 4


4.1 Roles and ResponsibilitiesNon-compliance with this policy could severely impact the operation of the institution byexposing the University to permanent loss of University data leading to loss of financialrecords, students' records, research material and/or University and research funds. It mayalso expose the individual or the University to legal action.

5. Legal & Policy FrameworkElectronic records are subject to the full range of laws applying to electronic communicationsand to recordkeeping, including copyright, breach of confidence, defamation, privacy,contempt of court, harassment, vilification and anti-discriminationlegislation, the creation ofcontractual obligations, telecommunications and criminal laws.The management of electronic records must take into account UNSW policies andguidelines.

Certain laws and agreements require the University to give access to records or theinformation contained therein to parties outside the UNSW community. These includedefence, telecommunications and freedom of information legislation, other legal rules (e.g.concerning subpoenas), and agreements with external internet suppliers that govern thetransmission of email and publication by electronic means.

6. ImplementationIt is the role of the School or Centre data custodian to ensure an adequate data Backup andRestoration Plan is in place.

6.1 Support and AdviceUNSW@ADFA ICTS provides advice and assistance in developing backup strategies forSchools and Centres upon request. The contact for such advice is the ICTS InfrastructureSupport Services Manager.

6.2 ProceduresThis policy provides guidelines for establishing backup procedures. Exceptions to thestandard procedure are subject to written approval by the Manager, ICTS. Approvals forexceptions must be lodged by the School or Centre data custodian in writing, signed bythe Head of School or Centre, to the Manager, ICTS. All exceptions must be fullydocumented. The standard procedure for systems backup is as follows:

1. A full systems backup must be performed weekly. Weekly backups must be savedfor a full month.

2. The last weekly backup of the month must be saved as a monthly backup. Theother weekly backup media can be recycled for other uses or destroyed.

3. Monthly backups must be saved for a minimum of 180 days, at which time themedia can be recycled or destroyed.

4. Incremental backups must be performed daily. Incremental backups must beretained for two weeks, at which time the media can be recycled or destroyed.

5. All backups must be stored in a secure, off-site location. Proper environmentcontrols, temperature, humidity and fire protection, must be maintained at thestorage location.

6. All backup media that is not reusable must be thoroughly destroyed in anapproved manner. Backup media that is used for other purposes must bethoroughly erased.

7. Periodic tests of the backups must be performed to determine if files can berestored.

6.3 Guidelines and FormsDOCUMENTATION: Documentation is necessary for orderly and efficient data backup

and restoration. The data custodian should fully document the following items for eachgenerated data backup:


4/4

Page 4 of 4


Date of data backup; Type of data backup (incremental, full); Number of generations; Responsibility for data backup; Extent of data backup (files/directories); Data media on which the operational data are stored; Data media on which the backup data are stored; Data backup hardware and software (with version number); Data backup parameters (type of data backup etc.); and Storage location of backup copies.

RESTORATION OF DATA: The restoration of data using data backups must be tested atirregular intervals, at least after every modification to the data backup procedure. It mustat least once be proven that complete data restoration is possible (e.g. all data containedin a server must be installed on an alternative server using substitute reading equipment tothe data backup writing equipment). This ensures reliable testing as to whether:

Data restoration is possible; The data backup procedure is practicable; There is sufficient documentation of the data backup, thus allowing a substitute to

carry out the data restoration if necessary; and The time required for the data restoration meets the availability requirements.

6.4 Communication StrategyAny changes or modifications to this policy are to be discussed within ITMAC and thenratified by ITIAC.

7. EvaluationThe policy and its implementation is evaluated regularly. The first review of the policy will takeplace twelve months from adoption. The method of evaluation shall be via peer review whichwill incorporate all data custodians and ICTS. Evaluation criteria include the degree ofcompliance with the policy and the extent to which UNSW@ADFA data is backed up.