Information Resources Use and Security Policy

Next Previous

5. Backup Recovery of Systems and Data

Backups are a business requirement to enable the recovery of data and applications in the case of events such as natural disasters, system disk drive failures, espionage, data entry errors, human error, or systems operations errors. The university requires the following backup practices, as warranted by the Data Classification Standard and commensurate with the risk and value of the system and data:

5.1. All university data, including data associated with research, must be backed up in accordance with risk management decisions implemented by the Data Owner (see Section 9). The university's Office of Internal Audit periodically reviews backup plans.

5.2. Each college, school, or unit responsible for a system(s) maintains a recovery plan that is reviewed periodically by the university's Office of Internal Audit. The recovery plan includes the following:

5.2.1. Procedures for recovering data and applications in the case an unexpected event occurs such as a natural disaster, power or system disk failure, espionage, data entry error, human error, or other systems operation errors;
5.2.2. Assignments of operational responsibility for backup of all systems connected to the respective network;
5.2.3. Requirements for off-site storage needs;
5.2.4. Physical and network access controls for on-site and off-site storage;
5.2.5. Processes to ensure backups are viable and can be recovered (for example, routine testing of backup and recovery procedures.)