Author Stuart Barker
Backup, backup and check up
Let’s face it, things sometimes go wrong! At best, you’re going to delete the wrong files. At worst, you’re going to get a computer virus that deletes them for you! But you’re smart! You’ve ensured there’s a back-up process in place and for the last X months/years data has been backed up and stored securely in another location so all you need to do is restore it.
But this is where it all goes wrong. Backup software and systems are just as prone to problems as any other. It’s vital that you back up your systems, but it’s equally important to TEST your backup! Don’t leave it to chance: follow a few simple tips and you’ll get your backup when you need it, not get your back up in frustration!
- First tip – Please make sure you have a backup process in place!
- Don’t trust that your backup is working as expected – you need to test it by restoring files on a frequent basis
- Make sure your backups are stored securely – encrypt them if possible
- Back up not just your ‘data’ but the tools too (I’ve lost count of how many companies say “Our Customer data is backed up. But we don’t backup the customer database itself.”)
We know that contingency planning is important, and the most basic step is to have a copy, a backup, of the most important files that we need. Don’t leave it to chance. Don’t just have a backup – make sure you give it a check up.
What ISO 27001 has to say about backups
ISO 27001 back up
ISO 27001 is the international standard for information security. It is an information security management system.
Section 12.3.1 Information backup
ISO 27001 backup forms part of section 12.3.1.
Backup copies of information, software and system images should be taken and tested regularly in accordance with an agreed backup policy.
The backup policy should define the retention and protection requirements.
Adequate backup facilities should be provided to ensure that all essential information and software can be recovered following a disaster or media failure.
A backup policy should be established to define the organization’s requirements for backup of information, software and systems.
When designing a backup plan, the following items should be taken into consideration:
a) accurate and complete records of the backup copies and documented restoration procedures should be produced;
b) the extent (e.g. full or differential backup) and frequency of backups should reflect the business requirements of the organization, the security requirements of the information involved and the criticality of the information to the continued operation of the organization;
c) the backups should be stored in a remote location, at a sufficient distance to escape any damage from a disaster at the main site;
d) backup information should be given an appropriate level of physical and environmental protection (see Clause 11) consistent with the standards applied at the main site;
e) backup media should be regularly tested to ensure that they can be relied upon for emergency use when necessary; this should be combined with a test of the restoration procedures and checked against the restoration time required. Testing the ability to restore backed-up data should be performed onto dedicated test media, not by overwriting the original media in case the backup or restoration process fails and causes irreparable data damage or loss;
f) where confidentiality is of importance, backups should be protected by means of encryption.
Operational procedures should monitor the execution of backups and address failures of scheduled backups to ensure completeness of backups according to the backup policy.
Backup arrangements for individual systems and services should be regularly tested to ensure that they meet the requirements of business continuity plans. In the case of critical systems and services, backup arrangements should cover all systems information, applications and data necessary to recover the complete system in the event of a disaster.
The retention period for essential business information should be determined, taking into account any requirement for archive copies to be permanently retained.
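A restore test along the lines of item e) above, as an added example that is not part of the standard or the author's own tooling: it restores an archive into a throwaway directory rather than over the originals, checks every file against a SHA-256 manifest recorded at backup time, and compares the elapsed time with a required restoration time. The tar.gz format, the manifest layout, the function names and the `max_seconds` parameter are assumptions made for illustration.

```python
import hashlib
import io
import tarfile
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def restore_test(archive, manifest, max_seconds):
    """Restore into a throwaway directory (never over the originals) and
    return a list of problems; an empty list means the test passed."""
    problems, start = [], time.monotonic()
    with tempfile.TemporaryDirectory(prefix="restore-test-") as scratch:
        root = Path(scratch).resolve()
        with tarfile.open(archive) as tar:
            for member in tar.getmembers():
                dest = (root / member.name).resolve()
                # Only regular files, and only paths that stay inside scratch.
                if not member.isfile() or root not in dest.parents:
                    continue
                dest.parent.mkdir(parents=True, exist_ok=True)
                dest.write_bytes(tar.extractfile(member).read())
        for name, expected in manifest.items():
            restored = root / name
            if not restored.is_file():
                problems.append(f"missing: {name}")
            elif sha256_file(restored) != expected:
                problems.append(f"checksum mismatch: {name}")
    if time.monotonic() - start > max_seconds:
        problems.append("restore exceeded the required restoration time")
    return problems

def make_sample_backup(path, files):
    """Constructed sample data: write `files` to a tar.gz, return the manifest."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        archive = Path(d) / "backup.tar.gz"
        manifest = make_sample_backup(archive, {"db/customers.sql": b"constructed dump\n"})
        print(restore_test(archive, manifest, max_seconds=60) or "restore test passed")
```

Store the manifest separately from the archive it describes, so that damage to the backup media cannot silently alter both.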