Document Control
| Rev. | Author | Date | Comments |
|---|---|---|---|
| 0.1 | Richard Bartlett | 23 Mar 2016 | Submitted to School IT Committee for approval |
| 1.0 | Richard Bartlett | 12 Apr 2016 | IT Committee approved final version |
Introduction
The School Minimum Standard of IT Service states that:
“Teaching, research and administrative data is stored centrally (not on the desktop hard drive or removable storage), protected against unauthorised access and accidental disclosure, and backed up to a separate storage system to protect against data loss in the event of a system failure”
This document sets out the School’s policy on data backup. It does not stipulate how backups should be maintained or exactly what data should be backed up; instead it describes the process each department should go through to establish an appropriate backup procedure for its data.
Scope
This policy covers all departments, institutes and units in the School of Clinical Medicine at the University of Cambridge, including any transferred to the School, and any cross-School Institutions (e.g. the Stem Cell Institute).
The policy covers all data obtained or created as part of Research, Teaching or Administration activities by staff at any of the Institutions within scope.
This policy does not address the activity of archiving data (long-term storage); it only addresses the requirement to back up data in such a way that it can be retrieved in the event that the original copy is lost, corrupted, or damaged in some other way (e.g. by malware).
Principles
All data should be backed up according to its value to the Institution, the cost of recreating the data, any financial costs or penalties which might be incurred as a result of data loss or corruption, and the risk of data loss or corruption.
The purpose of data backup is purely to allow the Institution to continue its activity after a data loss incident by retrieving some or all of the data lost, ideally from a point-in-time backup taken within the last 24 hours. Data backup is different from archiving, which is the practice of storing, for reference purposes only, data which is no longer required.
The following key measures should be considered when designing a backup solution:
- Recovery Point Objective (RPO)
This is a way of expressing the maximum acceptable age of backup which could be restored in the event of a data loss incident. The Recovery Point is how many hours or days old the backup can be, and in effect is a way of deciding how much permanent data loss is acceptable. For example, if the RPO is 24 hours then a nightly backup would be reasonable, as a successful backup would only ever be up to 24 hours old. If the RPO is 4 hours, then more frequent mirroring of data would be required throughout the day.
- Recovery Time Objective (RTO)
This is a way of expressing the maximum time it would take to recover from the data loss incident, which is primarily the amount of time required to restore the files from whatever backup medium they were stored on.
- Resilience
This is the capability of the backup solution to remain functioning in the event of different types of failure or damage. For example, a fire, flood or facility failure may well damage data, including backup media, in your server room, so you may decide to mirror data to a second off-site location to guarantee the availability of your data in that event.
Process
The recommended process for designing a backup solution is as follows:
| Activity | Result |
|---|---|
| Document your information assets | You know what data needs to be backed up |
| Document the value of your information assets | You know the cost of recreating the data, or the financial penalties which may be imposed as a result of data loss |
| Document the configuration of your storage | You know where data is stored |
| Decide your Recovery Point Objective or Objectives | You agree how much data loss is acceptable, which may be different for different types of data |
| Decide your Recovery Time Objective or Objectives | You agree how quickly data needs to be restored in the event of a data loss incident |
| Decide the level of resilience required | You agree what business continuity events are possible and the extent to which you must be able to recover from them |
| Document the security requirements your backup solution must comply with | You understand what obligations the law, government departments, public bodies and funding bodies may require the Institution to fulfil (including confidentiality, integrity and availability of data backups). |
| Complete gap analysis between current implementation and requirements | You know how much you need to do to meet the requirements (RTO, RPO, resilience, security) already defined |
| Source and implement appropriate solution/s | You implement whatever solutions are required to fulfil your requirements |
| Document your solution | Your implementation is fully documented to facilitate proper operation, periodic review and staff training. |
| Train your staff | All staff should understand the value of the data they hold, their responsibilities in handling that data, and what data recovery options are available to them. |
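As an added illustration of the RPO, RTO and resilience measures defined above and of the gap analysis step in the table (example code, not part of the School's policy): given a constructed nightly backup job log in which one job failed, it computes the age of the last usable restore point at the time of an incident, the estimated restore time, and which agreed requirements the current set-up would miss. The Requirements and Implementation classes and the sample figures (24 h RPO, 8 h RTO, 500 GB restored at 100 GB per hour) are assumptions, not values from the policy.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Constructed nightly job log (completion time, succeeded); the 3 March job failed.
BACKUP_LOG = [
    (datetime(2016, 3, 1, 2, 0), True),
    (datetime(2016, 3, 2, 2, 0), True),
    (datetime(2016, 3, 3, 2, 0), False),  # failed job: no usable restore point
    (datetime(2016, 3, 4, 2, 0), True),
]

@dataclass
class Requirements:             # hypothetical: objectives agreed in the process
    rpo: timedelta              # maximum acceptable age of the restore point
    rto: timedelta              # maximum acceptable time to restore
    offsite_copy: bool          # resilience: a copy outside the server room

@dataclass
class Implementation:           # hypothetical: the current backup set-up
    log: list                   # (completed_at, succeeded) entries
    data_gb: float              # volume that would have to be restored
    restore_gb_per_hour: float  # throughput of the restore path
    offsite_copy: bool

def last_good_backup(log, incident):
    """Most recent successful backup completed before the incident, or None."""
    good = [t for t, ok in log if ok and t <= incident]
    return max(good) if good else None

def recovery_point_age(log, incident):
    """Age of the data that would be restored: the achieved recovery point."""
    last = last_good_backup(log, incident)
    return None if last is None else incident - last

def gap_analysis(req, impl, incident):
    """Requirements the current set-up would miss for an incident at that time."""
    gaps = []
    age = recovery_point_age(impl.log, incident)
    if age is None or age > req.rpo:          # a failed night doubles the age
        gaps.append("RPO")
    if timedelta(hours=impl.data_gb / impl.restore_gb_per_hour) > req.rto:
        gaps.append("RTO")
    if req.offsite_copy and not impl.offsite_copy:
        gaps.append("resilience")
    return gaps

# Constructed sample: 24 h RPO, 8 h RTO, off-site copy required; 500 GB at 100 GB/h.
REQUIREMENTS = Requirements(timedelta(hours=24), timedelta(hours=8), True)
CURRENT = Implementation(BACKUP_LOG, 500.0, 100.0, False)
INCIDENT_AFTER_FAILED_NIGHT = datetime(2016, 3, 3, 14, 0)  # gaps: RPO, resilience
INCIDENT_AFTER_GOOD_NIGHT = datetime(2016, 3, 2, 14, 0)    # gap: resilience only
```

The failed-night case is the one a test plan should exercise: a nightly schedule only meets a 24 hour RPO while every job succeeds, so job failures need to be monitored, not just the schedule.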
Management and Review
It is recommended that Institution staff with sufficient authority and understanding are made responsible for the Institution data backup, though they may delegate the control of the backup to less senior staff.
Any backup solution should be tested fully at the point it is implemented, and thereafter at least annually, to ensure that it is operational and can fulfil its objectives in the event of a data loss incident. Due to the potential variety of data loss incidents and the complexity of data backup solutions, it is recommended that a backup test plan is developed to ensure that both small and large data loss scenarios are tested.
Data backup solutions should be reviewed at least every two years to ensure that they still meet the Institution’s requirements, that any changes in objectives, storage solution or security requirements are understood, and that the solution is modified as appropriate.