Data Backup and Storage
Last changed: 2013-02-19 01:04:25
Overview and Purpose
Electronic backups are a business requirement to enable the recovery of data and applications in the case of events such as natural disasters, system disk drive failures, espionage, data entry errors, or system operations errors.
The purpose of the Asset Handling Data Backup and Storage Policy is to establish the rules for the backup and storage of Asset Handling's electronic information.
The Asset Handling Data Backup and Storage Policy applies to all individuals within the Asset Handling enterprise who are responsible for the installation and support of Information Resources, individuals charged with Information Resources Security, and data owners.
Information Services may have existing contracts for offsite backup data storage. These services can be extended to all Asset Handling entities upon request.
•The frequency and extent of backups must be in accordance with the importance of the information and the acceptable risk as determined by the data owner.
•The Asset Handling Information Resources backup and recovery process for each system must be documented and periodically reviewed.
•Any vendor(s) providing offsite backup storage for Asset Handling must be cleared to handle the highest level of information stored.
•Physical access controls implemented at offsite backup storage locations must meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest [variable: Covered Organization] sensitivity level of information stored.
•A process must be implemented to verify the success of the Asset Handling electronic information backup.
•Backups must be periodically tested to ensure that they are recoverable.
•Signature cards held by the offsite backup storage vendor(s) for access to Asset Handling backup media must be reviewed annually or when an authorized individual leaves Asset Handling.
•Procedures between [variable: Covered Organization] and the offsite backup storage vendor(s) must be reviewed at least annually.
•Backup tapes must have at a minimum the following identifying criteria that can be readily identified by labels and/or a bar-coding
•Sensitivity Classification [Based on applicable electronic record retention regulations.]
•Asset Handling Contact Information
Violation of this policy may result in disciplinary action, including but not limited to performance penalties, employment termination, contract invalidation, civil action, and criminal prosecution. Additionally, violators may lose access privileges to [variable: Covered Organization] Information Resources.
•Copyright Act of 1976
•Foreign Corrupt Practices Act of 1977
•Computer Fraud and Abuse Act of 1986
•Computer Security Act of 1987
•The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
•The State of Texas Information Act
•Texas Government Code, Section 441
•Texas Administrative Code, Chapter 202
•IRM Act, 2054.075(b)
•The State of Texas Penal Code, Chapters 33 and 33A
•DIR Practices for Protecting Information Resources Assets
•DIR Standards Review and Recommendations Publications