To provide guidelines in the development of an IT System and Data Backup Restoration plan.

In accordance with the COV ITRM 501-01, an IT System and Data Backup Restoration Plan must be implemented to create a comprehensive backup plan including standards and operational procedures executed during a system backup. This plan shall also include standards and operational procedures executed during system restoration.

The IT System and Data Backup and Restoration section is applicable to the System Office and all Colleges.

An IT System and Data Backup and Restoration plan is mandatory for ensuring the availability and reliability of VCCS and individual college data. Various backup systems, media, and methods may be used to create a comprehensive backup plan. Impacts from the Business Impact Analysis and Risk Assessment processes should be reviewed to assist in determining backup priorities.

Store all media backups off site in a secure, environmentally controlled facility. The alternate site should be located far enough away from the primary site to reduce the likelihood of one disaster affecting all sites. All backup media should be uniquely labeled so that media can be quickly obtained in the event of an emergency. Provide the address and emergency contact information for the alternate facility.

Only authorized personnel should perform backups and restoration. Authorized personnel must review backup logs after the completion of each backup to verify that the backup was successful. This person should be different from the person who performed the backup to verify that the backup was completed properly. The System Owner must designate all personnel who are authorized to perform backups and reviews.

Backup schedules must be documented and approved by the System Owner. For each system and data type identify the backup schedule and type of backup used. Type of backup information in the schedule may include:

• Frequency (hourly, daily, weekly, monthly).

• Full, incremental, or differential backup.

• Type of backup media. This is dependent on what is being backed up. A backup of PC data most likely requires different media and methods than a backup of servers.

  • PC backup media and methods may include floppy disks, tape drives, removable cartridges, compact disks, replication, and imaging.

  • Server backup media and methods may include RAID (mirroring, parity, striping), electronic vaulting, server load balancing, disk replication (synchronous or mirroring, asynchronous or shadowing), and storage virtualization.

Emergency backup and restoration operation procedures must be reviewed and approved by the System Owner. The System Owner should be identified and included in all contingency planning processes for emergency backup and restoration.

Proper electronic (encryption measures for example) or physical security measures (additional insurance or locked transport case for example) must be taken for all backup media that is sent electronically, mailed, or physically transported off site.