Policy Reference


Category Systems Continuity and Disaster Recovery
Approval Date  01-29-2010
Scope All Personnel

Purpose

The purpose of this policy is to ensure a back-up copy of business data is stored in a secure, offsite location.   This back-up copy should be  ready and available in the event of a disaster.


 

Policy

  1. ITS  will ensure that all city owned data and electronic information is backed up on appropriate schedule.   A backup procedure will be maintained and standards will be followed which dictate the frequency and type of backups that are required.
  2. Backup schedules and methods will take into consideration the confidentiality, change frequency, volume and related business requirements for the data being backed up.
  3. ITS  will store a set of all backup media in an off site and secure location.  
  4. ITS  will review the security of off site storage facilties on at least an annual basis.


Compliance

  1. The organization must store all backups securely, preferably offsite. The security of the storage facility must be reviewed at least annually.
    Verify that the backup facility location is reviewed at least annually to ensure the backup media is stored securely.
    § 9.5.a, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2
  2. Backup media should be stored at a site that is located away from the main site. This will prevent the backup media from being damaged if there is a disaster at the main site. § 9.1.4, § 10.5.1, ISO/IEC 27002-2005 Code of practice for information security management