DATA BACKUP POLICY

UNSW@ADFA Policy
Document Number Responsible Officer Contact Officer Authorisation Effective Date Modifications Superseded Documents Review Commencement Date Associated Documents UNSWADFA001 Manager, ICTS ICTS Infrastructure Support Services Manager. (email via ICTS Service Desk/ phone 02 6268 8140) IT Infrastructure Advisory Committee Date:xxxxx 9 November 2008 New policy Twelve months from commencement date
UNSW Electronic Record-Keeping Policy www.infonet.unsw.edu.au/poldoc/electronic_recordkeeping.htm

1. Preamble
1.1

Purpose
The purpose of this policy is to define the need for performing periodic computer system backups to ensure that mission critical administrative applications, system data and archives, users' data and archives are adequately preserved and protected against data loss and destruction.

1.2

Background
Data can be destroyed by system malfunction or accidental or intentional means. Adequate backups allow data to be readily recovered as necessary. The ongoing availability of University data is critical to the operation of the institution. In order to minimise any potential loss or corruption of this data, units responsible for providing and operating administrative applications or file storage services need to ensure that data is adequately backed up by establishing and following an appropriate system backup procedure. Having a streamlined data backup policy is fundamental to the formation of an effective Business Continuity Plan (BCP).

2. Scope
Data custodians are responsible for providing adequate backups to ensure the recovery of electronic information (includes UNSW@ADFA data and software) in the event of failure. These backup provisions allow University business processes, including the research enterprise to be resumed in a reasonable amount of time with minimal loss of data. Since failures can take many forms, and may occur over time, multiple generations of backups should be maintained.

3. Definitions
Administrative Applications, Data and Archives: is the collection of data elements which are relevant to the operations, plans, or management of one or more UNSW@ADFA Schools or Centres. Users' Data and Archives: is the collection of users' data elements located either on desktop equipment or fileservers. System Backup: a documented procedure for copying applications software and data files that reside on computer disks to a portable medium (such as tape or diskette) or to a medium that is physically remote from the originating system.
Page 1 of 4

UNSW@ADFA DATA BACKUP POLICY

Date Effective: 09/11/2008 Version: [0.2: 04/10/2007]

Data Custodian: for the purposes of this policy, a Data Custodian shall be the officer ultimately responsible for the delivery of Information Technology resources to a School or Centre. Three Generation: There are media and storage costs associated with backups. Backup sets do not need to be kept forever and the media is reusable. A popular media rotation plan is called Generation. Using this plan media is kept for three backup cycles. Backups are made on media called son. During each backup cycle, the generations increment; son sets become father sets, father sets become grandfather sets. The grandfather sets are rotated, reused and become son sets. Backup Types: Full Backup: A Full Backup creates a copy of every file on a storage device. This is absolutely the most complete, comprehensive, and fool-proof type of backup. It is also the most costly in terms of effort, time and dollar output. Partial Backup: A Partial Backup creates a copy of selected files on a storage device. The user selects which files to backup and which to skip. This can be almost as comprehensive as a full backup since there are many files that have absolutely no long-term value. Files with no longterm value include temporary files and cache files that can take up many megabytes of disk space. Incremental Backup: An Incremental Backup creates a copy of files that have changed (modified, added to, or created) since the last backup was performed. This method can be used in conjunction with full and partial backups to maximise protection and minimise cost. Differential Backup: A Differential Backup creates a copy of files that have changed (modified, added to, or created) since a specific date and time. This method is also used in conjunction with full and partial backups to maximise protection and minimise cost.

4. Policy Statement
Backups of all UNSW@ADFA data and software must be retained such that computer operating systems and applications are fully recoverable. This may be achieved using a combination of image copies, incremental backups, differential backups, transaction logs, or other techniques. The frequency of backups is determined by the volatility of data; the retention period for backup copies is determined by the criticality of the data. At a minimum, backup copies must be retained for 180 days. At a minimum, one fully recoverable version of all data must be stored in a secure, off-site location. An off-site location may be in a secure space in a separate University building, or with an off-site storage vendor approved by the Manager, ICTS. The practice of taking backup media to the personal residence of staff is not acceptable. Derived data should be backed up only if restoration is more efficient than creation in the event of failure. All UNSW@ADFA information accessed from workstations, laptops, or other portable devices should be stored on networked file server drives to allow for backup. UNSW@ADFA information located directly on workstations, laptops, or other portable devices should be backed up to networked file server drives. Convenience data or other information which does not constitute UNSW@ADFA data does not carry this requirement. Required backup documentation includes identification of all critical data, programs, documentation, and support items that would be necessary to perform essential tasks during a recovery period. Documentation of the restoration process must include procedures for the recovery from single-system or application failures, as well as for a total data centre disaster scenario, if applicable. Backup and recovery documentation must be reviewed and updated regularly to account for new technology, business changes, and migration of applications to alternative platforms. Recovery procedures must be tested on an annual basis.

UNSW@ADFA DATA BACKUP POLICY

Page 2 of 4

Date Effective: 09/11/2008 Current Version: [v0.2, 04/10/2007]

4.1

Roles and Responsibilities

Non-compliance with this policy could severely impact the operation of the institution by exposing the University to permanent loss of University data leading to loss of financial records, students' records, research material and/or University and research funds. It may also expose the individual or the University to legal action.

5. Legal & Policy Framework

Electronic records are subject to the full range of laws applying to electronic communications and to recordkeeping, including copyright, breach of confidence, defamation, privacy, contempt of court, harassment, vilification and anti-discrimination legislation, the creation of contractual obligations, telecommunications and criminal laws. The management of electronic records must take into account UNSW policies and guidelines. Certain laws and agreements require the University to give access to records or the information contained therein to parties outside the UNSW community. These include defence, telecommunications and freedom of information legislation, other legal rules (e.g. concerning subpoenas), and agreements with external internet suppliers that govern the transmission of email and publication by electronic means.

6. Implementation
It is the role of the School or Centre data custodian to ensure an adequate data Backup and Restoration Plan is in place.

6.1

Support and Advice

UNSW@ADFA ICTS provides advice and assistance in developing backup strategies for Schools and Centres upon request. The contact for such advice is the ICTS Infrastructure Support Services Manager.

6.2

Procedures
This policy provides guidelines for establishing backup procedures. Exceptions to the standard procedure are subject to written approval by the Manager, ICTS. Approvals for exceptions must be lodged by the School or Centre data custodian in writing, signed by the Head of School or Centre, to the Manager, ICTS. All exceptions must be fully documented. The standard procedure for systems backup is as follows: 1. A full systems backup must be performed weekly. Weekly backups must be saved for a full month. 2. The last weekly backup of the month must be saved as a monthly backup. The other weekly backup media can be recycled for other uses or destroyed. 3. Monthly backups must be saved for a minimum of 180 days, at which time the media can be recycled or destroyed. 4. Incremental backups must be performed daily. Incremental backups must be retained for two weeks, at which time the media can be recycled or destroyed. 5. All backups must be stored in a secure, off-site location. Proper environment controls, temperature, humidity and fire protection, must be maintained at the storage location. 6. All backup media that is not reusable must be thoroughly destroyed in an approved manner. Backup media that is used for other purposes must be thoroughly erased. 7. Periodic tests of the backups must be performed to determine if files can be restored.

6.3

Guidelines and Forms

DOCUMENTATION: Documentation is necessary for orderly and efficient data backup and restoration. The data custodian should fully document the following items for each generated data backup:
Page 3 of 4

UNSW@ADFA DATA BACKUP POLICY

Date Effective: 09/11/2008 Current Version: [v0.2, 04/10/2007]

Date of data backup; Type of data backup (incremental, full); Number of generations; Responsibility for data backup; Extent of data backup (files/directories); Data media on which the operational data are stored; Data media on which the backup data are stored; Data backup hardware and software (with version number); Data backup parameters (type of data backup etc.); and Storage location of backup copies.

RESTORATION OF DATA: The restoration of data using data backups must be tested at irregular intervals, at least after every modification to the data backup procedure. It must at least once be proven that complete data restoration is possible (e.g. all data contained in a server must be installed on an alternative server using substitute reading equipment to the data backup writing equipment). This ensures reliable testing as to whether: Data restoration is possible; The data backup procedure is practicable; There is sufficient documentation of the data backup, thus allowing a substitute to carry out the data restoration if necessary; and The time required for the data restoration meets the availability requirements.

6.4

Communication Strategy
Any changes or modifications to this policy are to be discussed within ITMAC and then ratified by ITIAC.

7. Evaluation
The policy and its implementation is evaluated regularly. The first review of the policy will take place twelve months from adoption. The method of evaluation shall be via peer review which will incorporate all data custodians and ICTS. Evaluation criteria include the degree of compliance with the policy and the extent to which UNSW@ADFA data is backed up.

UNSW@ADFA DATA BACKUP POLICY

Page 4 of 4

Date Effective: 09/11/2008 Current Version: [v0.2, 04/10/2007]