Governance

Policies and procedures

Policy No.
UP13/4
Function
Technology And Telecommunications
Authoring Organisational Unit
Policy and Planning - IT Services
Date Approved
01/06/2012
Next Review Date
01/06/2015
Approving Body
Vice-Chancellor

­­The University of Western Australia

University Policy on: Data Backup & Recovery

Purpose of the policy and summary of issues it addresses:

To protect against the loss of data in the event of physical disaster or other incident which may lead to the loss of data (e.g. data corruption), the University requires all institutional data to be backed up appropriately.

The purpose of this policy is to describe the minimum controls required for data backup regimes, to safeguard against the loss of data that may occur due to hardware or software failure, physical disaster or human error.

The University requires all staff to be responsible for the management of institutional data and records under their control in accordance with the University's Record Keeping Plan. Staff should not rely solely on backup of data to fulfil their responsibilities of record keeping because backups are primarily for the purposes of recovering data in the event of a disaster such as fire or flood.

Data backups are not intended to serve as archival copies of data or to meet the University's record keeping and/or retention requirements.

Definitions:

Information Services is the University division that is responsible for the provision of backup and recovery services for data held in the Institutional Data Centre.

Granularity is the frequency with which data is backed up. Data that is present for less than this time period may not be captured by the backup process and hence may not be recoverable.

Retention is the length of time a backup is kept. At the end of the retention period the backup is deleted.

Policy statement:

This policy applies to all staff within Faculties, Schools and Administrative Areas and third parties who process and/or store Institutional data.

Information Services is responsible for the backup and recovery of data held in the Institutional Data Centre. However, data custodians are responsible for ensuring that appropriate backup schedules are arranged with Information Services as appropriate for the data for which they are responsible.

The responsibility for backing up data held outside the Institutional Data Centre on any computer or device, regardless of whether owned privately or by the University, falls entirely on the owner/user of the device.

Staff should consult their local Information Technology service desk about backup procedures for such computers or devices.

1 Backup and Recovery Rules

The University requires that all institutional data is backed up according to the following rules:

1.1 Records must be kept of what data is backed up and where it is backed up.

1.2 Backup schedules must be maintained.

1.3 Backup media must be clearly labelled.

1.4 Backups should be stored at a geographically diverse location from the primary location of the data.

1.5 Recovery procedures for the restoration of data must be kept up to date.

1.6 Six monthly testing of recovery procedures (restoring data from backup copies) must be undertaken to ensure that they can be relied on in an emergency or disaster situation.

1.7 Records of all the above must be kept for audit purposes.

2 Backup and Recovery Schedules

The University requires that all institutional data is backed up according to the following schedules:

2.1 Backup of structured data (application data and databases).

Every day a data backup is taken and retained for 14 days.

Data created or deleted less than 24 hours between backups or data deleted more than 14 days before the backup was created cannot be recovered.

The following schedule provides for data to be restored with at most one working days data missing.

Granularity

Retention

Location

Length of time between backed up copies

Length of time the backup copy is kept

Location of the backed up copy

1 day

14 days

Secondary Data Centre

2.2 Backup of unstructured data (email and documents stored in electronic files)

This schedule is required to protect against accidental deletion of files that could go unnoticed for more than two weeks (staff and student documents, emails and lecture recordings are examples).

Custodians of structured data (applications and databases) that require additional protection offered by this backup schedule should request that their data be backed up in accordance with this schedule.

Granularity

Retention

Location

Length of time between backed up copies

Length of time the backup copy is kept

Location of the backed up copy

1 day

14 days

Secondary Data Centre

1 week

30 days

Secondary Data Centre

1 month

90 days

Secondary Data Centre

2.3 Backup of development and test data

This schedule is required to protect against the accidental deletion of development source code and/or test data. A backup is taken once a week and will be retained for 4 weeks.

Data created and deleted within a period of less than one week between backups or data deleted or lost more than 4 weeks previous to the backup will not be recoverable.

Granularity

Retention

Location

Length of time between backed up copies

Length of time the backup copy is kept

Location of the backed up copy

1 week

4 weeks

Secondary Data Centre

Related forms: (Link)

TRIM File No:

F53791

Contact position:

IT Policy Officer

Related Policies or legislation: