Skip to content. | Skip to navigation

Personal tools
This is Lite Plone Theme
You are here: Home / Documentation / ISO27002 / 12.3 Make backup copies on a regular basis

12.3 Make backup copies on a regular basis

Version history
No Updated Update by Title Approved Approved by Public
1.0 2013-09-20 Bo Pedersen Initial version
2.0 2018-07-18 Bo Pedersen v2013-update 2018-07-19 Kaj Anker Jørgensen
2.1 2018-12-11 Bo Pedersen details 2018-12-15 Kaj Anker Jørgensen
2.2 2019-01-08 Bo Pedersen RM-additions

Purpose

This policy defines the strategy for backing up the organisation’s information and software application systems.
The aim of the policy is to ensure that it is always possible to recover the information and application systems.

Scope

This policy applies to all electronic information stored on all PC’s, laptops and servers of SCTP.
The policy also applies to all application systems, the application software and its configuration.

Risks

Information can be lost as a result of crashed disks, deletion, or corruption.
Therefore, integrity and availability of important information needs to be maintained by making regular copies to other media.

Policy

Backup Method

Servers and systems are backed up based on the Tivoli system of Region Midt, an online Internet backup system (tape-based), which reside physically in another location in Jutland (Horsens). When files change up to five different versions are kept in Tivoli for 90 days (according to their latest date of update). When a file is deleted only three versions are kept for 90 days after their latest date of change.


Backups will be performed using dedicated backup software, which is a local tivoli-client, that swipes the filesystem and copies changes every 4 hour.

Files excluded from the Tivoli backup
Server File system EXCLUDE
sc36
/tmp/.../*
/dev/.../*
/media/.../*
/mnt/.../*
sc37
/tmp/.../*
/dev/.../*
/media/.../*
/mnt/.../*
sc38
/tmp/.../*
/dev/.../*
/media/.../*

/mnt/.../*
/usr/lib/oracle/xe/oradata/*

sc39
/tmp/.../*
/dev/.../*
/media/.../*

/mnt/.../*
/usr/lib/oracle/xe/oradata/*

sc40
/tmp/.../*
/dev/.../*
/media/.../*

/mnt/.../*

 


Internal RM-dokumentation: http://www.stg.rm.dk/dokumentation/isp/ - contains Danish version of this page.

 

 

Backup & Restore Procedures

Documentation with sufficient detail to allow an experienced user of the backup software to restore data will be produced.

Backup Status

The backup software is configured to automatically alert an administrator as to the status of any backup performed. The backup status will be reviewed on a daily basis and any faults identified will be rectified.

Verification and Restore Testing

Database backups are restored daily. Yesterdays database backup are restored to a temporary device and diff-tested against existing file, which subsequently is restored to a live database-system for integrity testing.

Backup Cycles

A full backup of important systems will be taken every day. Two weeks of backup-files are kept locally on the servers.

Backup Storage

Backup media are securely stored when not in use. Online backups will be held at a data backup center at least 2 km away (Horsens DK) from the data center containing the information being backed up (Skejby DK). The schedule for offsite storage is detailed in a log.

Tape Drive Cleaning

TS3500 tapelibraries in auto clean mode is used.

Application Backup

Use will be made of online backup techniques where they are available to minimise downtime. Full offline backups will be utilised where online backups are not available.

Backup Guidelines

The backups of servers and applications will at a minimum comply with the following guidelines.

Server/Application

Backup Cycle

Media

Linux servers

Every 4 hours

Tivoli

Oracle database

Full backup daily
Incremental every 4 hour

Local files maintained by tivoli

Postgresql

Full backup daily

Local files maintained by tivoli

Mysql (bugzilla)

Full backup daily

Local files maintained by tivoli

Homepage (external server - no confidential data)

Weekly

Local files maintained by tivoli

Backup files of databases are named by dates and kept for two weeks; ie. daily backups are kept for 104 days via Tivoli.

Enforcement

If any member of IT staff is found to have breached this policy, they may be subject to disciplinary action.

Any violation of the policy by a temporary worker, contractor or supplier may result in the termination of their contract or assignment.