PUBLIC

1.1

Information Security Document

Information Backup And Restore Policy

Version 3.0
Derbyshire County Council Information Backup & Restore Policy

PUBLIC

Version History Version Date 1.0 !"0#" 011 1.0 '"0(" 011 .0 #.0 !"0(" 01 #1"0!" 01#

Detail Complete$ for $istribution )ppro*e$ by Information +o*ernance +roup Re*ie,e$ by Information +o*ernance +roup Re*ie,e$ by Information +o*ernance +roup

Author %o &hite %o &hite %o &hite %o &hite

his document has !een prepared usin" the follo#in" IS$%&00' standard controls as reference(

IS$ )ontrol
).-. .1 )./.1.1 0 ! )./. .' ).10.1.1 ).10.1.# ).10.!.1 ).10.-.1 ).10.-. ).10.4.#

Description
Classification .ui$elines 1ecure areas 1ecure $isposal or reuse of e2uipment Documente$ operatin. proce$ures 1e.re.ation of $uties Information backup 3ana.ement of remo*able me$ia Disposal of me$ia Physical me$ia in transit

Derbyshire County Council Information Backup & Restore Policy

PUBLIC

Introduction

I5 5eam has a $uty to ensure that all information an$ $ata ,hich it is responsible for is securely an$ routinely backe$ up. 5he I5 5eam has a responsibility to ensure that information an$ $ata ,hich has been backe$ up can be restore$ in the e*ent of $eletion6 loss6 corruption6 $ama.e or ma$e una*ailable $ue to unforeseen circumstances.

Purpose

5he purpose of this policy is to i$entify an$ establish processes6 proce$ures an$ .oo$ ,orkin. practices for the backup an$ timely reco*ery of the company $ata.

Scope

5he scope of this policy e7ten$s to the back8up of all important information an$ $ata re.ar$less of the form it takes 8 inclu$in. the reco*ery of I5 systems an$ supportin. infrastructure.

Policy Statement

5here is al,ays a risk that systems an$"or proce$ures ,ill fail resultin. in loss of access to information6 $ata an$ systems6 $espite the implementation of best practice. 5he follo,in. steps ,ill help ensure the us to $ata is backe$ up an$ restore$ securely in the most efficient manner possible9 I5 1:15;31"D)5) B)C<UP1 1. 5he system a$min are responsible for pro*i$in. system support an$ $ata backup tasks an$ must ensure that a$e2uate backup an$ system reco*ery practices6 processes an$ proce$ures are follo,e$ in line ,ith the Disaster Reco*ery Proce$ures an$ $epartmental $ata retention policies. . )ll I5 backup an$ reco*ery proce$ures must be $ocumente$6 re.ularly re*ie,e$ an$ ma$e a*ailable an$ responsible for performin. $ata an$ I5 system backup an$ reco*ery #. )ll $ata6 operatin. systems"$omain infrastructure state $ata an$ supportin. system confi.uration files must be systematically backe$ up 8 inclu$in. patches6 fi7es an$ up$ates ,hich may be re2uire$ in the e*ent of system re8installation an$"or confi.uration (. )ll backup me$ia must be encrypte$ an$ appropriately labele$ ,ith $ate"s an$ co$es"markin.s ,hich enables easy i$entification of the ori.inal source of the $ata an$ type of backup use$ on the me$ia. )ll encryption keys shoul$ be kept securely at all times ,ith clear proce$ures in place to ensure that backup me$ia can be promptly $ecrypte$ in the e*ent of a $isaster !. )ll backups i$entifie$ for lon. term stora.e must be store$ at a remote secure location ,ith appropriate en*ironmental control an$ protection to ensure the inte.rity of all backup me$ia U1;R R;1P=>1IBILI5I;1 Users also ha*e a responsibility to ensure the $ata is securely maintaine$ an$ is a*ailable for backup9 1. Users must not store any $ata"files on the local c9? $ri*e of a computer @this e7clu$es the normal functionin. of the &in$o,s operatin. system an$ other authorise$ soft,are ,hich re2uire the Acachin.B of files locally in or$er to
Derbyshire County Council Information Backup & Restore Policy

PUBLIC functionC. Instea$6 Users must sa*e $ata @filesC on their allocate$ areas"$ri*es @i.e8D or ;C . =nly Council authorise$ encrypte$ U1B $ata sticks shoul$ be use$ an$ any $ata store$ must be for temporary purposes. )ll sensiti*e6 business an$ personal i$entifiable information shoul$ be remo*e$ from the U1B $ata stick an$ mo*e$ to an appropriate Council $ata net,ork location as soon as possible in or$er to ensure the $ata is ma$e a*ailable to the Council an$ can be successfully backe$ up #. 3obile phones must not be use$ to store sensiti*e6 business or personal i$entifiable information. In the e*ent of unforeseen or una*oi$able situations lea$in. to important $ata bein. store$ on mobile phones6 the $ata must be store$ to a suitable Council net,ork location an$ remo*e$ from the phone as soon as possible. D)5) R;15=R;1 5he Council has ,ell establishe$ backup an$ restore routines in place. Data @fileC restores are normally carrie$ out by the 1er*er 1upport 5eam ,ho ,ill en$ea*our to restore files from a $ate specifie$ by the user or from the nearest backe$ up $ate 1. I5 Users must re2uest $ata @filesC to be restore$ by contactin. the 5ransformation 1er*iceBs 1er*ice Desk. =nly files ,hich the user is authorise$ to access ,ill be pro*i$e$ from the restore . 5he 5ransformation 1er*iceBs 1er*ice Desk ,ill nee$ to *erify that the User has permission an$"or authorisation to *ie, or obtain restore$ copies of file"s an$"or fol$er"s #. Users re2uestin. a restore"s are re2uire$ to pro*i$e as much information about the $ata @file"sC as necessary D this ,ill inclu$e9 5he reason for the restore 5he name of file"s an$"or fol$er"s to be restore$ =ri.inal location of file"s an$"or fol$er"s 8 the 1er*ice Desk ,ill pro*i$e .ui$ance to the User on ho, to fin$ this out Date6 $ay or time of $eletion"corruption or nearest appro7imation 5he last $ate6 $ay or time ,hich the User recalls the $ata @filesC bein. intact an$ accesse$"use$ successfully

(. )ll backup an$ reco*ery @restoreC proce$ures must be $ocumente$ an$ ma$e a*ailable to Data Centre personnel responsible for carryin. out $ata @fileC restores !. Re2uests from thir$ party soft,are"har$,are *en$ors for file or system restores for the purpose of system support6 maintenance6 testin. or other unforeseen circumstance shoul$ be ma$e un$er the super*ision of the 1er*er 1upport 5eam *ia the CouncilBs 5ransformation 1er*iceBs 1er*ice Desk '. Personnel accessin. backup me$ia for the purpose of a restore must ensure that any me$ia use$ is returne$ to a secure location ,hen no lon.er re2uire$ @applies to me$ia from both Council an$ remote stora.e locationsC -. ) lo. must be maintaine$ to recor$ the use of backup me$ia ,hene*er it has been re2ueste$ an$"or use$ from secure stora.e he Data )entre is a sensiti,e area and specific technical information re"ardin" the detail of !ackup and restore procedures is held !y the Data )entre -ana"er
Derbyshire County Council Information Backup & Restore Policy

PUBLIC

Breaches $f Policy

Breaches of this policy an$"or security inci$ents can be $efine$ as e*ents ,hich coul$ ha*e6 or ha*e resulte$ in6 loss or $ama.e to Council assets6 or an e*ent ,hich is in breach of the CouncilBs security proce$ures an$ policies. )ll Council employees6 electe$ members6 partner a.encies6 contractors an$ *en$ors ha*e a responsibility to report security inci$ents an$ breaches of this policy as 2uickly as possible throu.h the CouncilBs Inci$ent Reportin. Proce$ure. 5his obli.ation also e7ten$s to any e7ternal or.anisation contracte$ to support or access the Information 1ystems of the Council. 5he Council ,ill take appropriate measures to reme$y any breach of the policy an$ its associate$ proce$ures an$ .ui$elines throu.h the rele*ant frame,orks in place. In the case of an in$i*i$ual then the matter may be $ealt ,ith un$er the $isciplinary process.

This document forms part of the Council's ISMS Policy and as such, must be fully complied with.

Derbyshire County Council Information Backup & Restore Policy