Prairie View A&M University

Backup/Recovery

1. General

Electronic backups are a requirement to enable the recovery of data and applications in case of events such as natural disasters, system disk drive failures, corruption, data entry errors, or system operations errors. The purpose of the University backup/recovery procedure is to establish the process for the backup and storage of information resources.

2. Applicability

This procedure applies to all University resources that contain mission critical information. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with Backup/Recovery of information resources. The intended audience is all University staff responsible for the support and operation of University information resources which contain mission critical information.

3. Definitions

  • Information Resources (IR): the procedures, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.
  • Mission Critical Information: information that is defined by the University or information resource owner to be essential to the continued performance of the mission of the University or department. Unavailability of such information would result in more than an inconvenience. An event causing the unavailability of mission critical information would result in consequences such as significant financial loss, institutional embarrassment, and failure to comply with regulations or legal obligations, or closure of the University or department.

 

4. Procedure
  1. The frequency and extent of backups shall be determined by the importance of the information, potential impact of data loss/corruption, and risk management decisions by the data owner (Department Heads and Information Security Administrators).
  2. Mission critical information backup and recovery processes for each system, including those for offsite storage, shall be documented and reviewed periodically.
  3. Physical access controls implemented at offsite backup storage locations.
  4. Processes must be in place to verify that the actual offsite storage of mission critical data is taking place.
  5. Backups shall be periodically tested to ensure that they are recoverable.

 
All content ©Prairie View A&M University2012
All rights reserved.