Version
Approved by
Approval date
Effective date
1.0
7 June 2016
7 June 2016
7 June 2017
Standard Statement
Purpose
The backup of important information is often the last line of defence in the
event of either accidental or malicious loss or modification of UNSW
information, applications and infrastructure configurations. The purpose of this
standard is to set out the baseline requirements for the backup of UNSW
information systems and data.
Scope
Standard
1. Controls
1.1 Backup schedule considerations
1.2 Verification of backup processes and investigating failures
1.3 Validation of backup media and recovery processes
1.4 Protection of backups and backup media
1.5 Retention and disposal of backups and backup media
1.6 Backup media locations and off-site transportation of backup media
2. Control Exceptions
3. ISMS Mapping with Industry Standards
4. Document Review, Approval & History
4.1 Quality Assurance
4.2 Sign Off
1. Controls
1.1 Backup schedule considerations
Backups must be scheduled according to the availability requirements of the information that
is being backed up. A backup schedule must be documented and maintained for all UNSW
systems. Table 1 documents the minimum backup schedules for the identified UNSW data
types.
Table 1: Backup Schedule
Columns: What | How Often | How
Infrastructure configuration (network, server, appliance)
Software (O/S, applications, utilities)
Data (files, databases)
Full or Incremental or Differential
Magnetic tape, Hard disk, Optical storage, Solid state storage
1.1.2
The backup requirements for information systems and data must be documented and
communicated to implementation and support teams for inclusion within operational
procedures before systems enter production.
1.2 Verification of backup processes and investigating failures
A sample of jobs must be verified as part of the process to maintain the integrity of the
information being backed up, in a manner commensurate with the reliability of the backup
media.
1.2.2
Backup failure reports must be produced, reviewed and acted upon within a reasonable
timeframe to ensure successful completion.
1.3 Validation of backup media and recovery processes
To protect against data corruption, optical and tape media should not exceed the
manufacturer's usage recommendations.
1.3.2
The validation and recovery process must be documented in an auditable manner and tested
on a regular basis to be determined by the IT Recovery Plan.
1.4 Protection of backups and backup media
Backup media must be treated as being of an equivalent classification level as the source
information system. For example, sensitive data such as regulated Personal Identifiable
Information must be appropriately encrypted (e.g., at the database or file level) when stored on
backup media.
1.4.2
1.5 Retention and disposal of backups and backup media
Backup media must be retained in line with the IT recovery, data retention and record
management requirements where applicable.
1.5.2
Backup media must be disposed of in line with appropriate disposal requirements described in
the Data Classification Standard and Data Handling Guidelines, for example by overwriting
media or physical destruction using a verified, auditable process.
1.6 Backup media locations and off-site transportation of backup media
Backup media containing sensitive information must only be transported offsite with
appropriate physical protection, in a secure container, within a secure vehicle, following an
auditable and verifiable process.
1.6.2
The frequency of sending backup media off-site must be documented and justified in the
backup schedule. Consideration of the frequency should take into account the importance and
recovery requirements of the data.
1.6.3
Backup media must be stored in a safe and secure physical location to ensure that media is
protected from unauthorised access, modification or destruction. This includes:
a) Off-site in relation to UNSW and stored at a location with strict physical security in place.
b) In a temperature controlled environment employing fire prevention and suppression
mechanisms.
c) In designated fire-safes within the UNSW campus, for local storage of backup media.
2. Control Exceptions
All exemption requests must be reviewed, assessed and approved by the relevant business stakeholder. Please
refer to the ISMS Base Document for more detail.
3. ISMS Mapping with Industry Standards
The table below maps the Data Backup Standard with the security domains of ISO27001:2013 Security
Standard and the Principles of Australian Government Information Security Manual.
ISO27001:2013
12 Operations security (12.3 backup)
4. Document Review, Approval & History
This section details the initial review, approval and ongoing revision history of the standard. Post initial review
the standard will be presented to the ISSG recommending the formal UNSW policy consultation and approval
process commence.
A review of this standard will be managed by the Chief Digital Officer on an annual basis.
4.1 Quality Assurance
This document was designed and created by external and internal consultants in consultation with internal key
technical subject matter experts, business and academic stakeholders.
4.2 Sign Off
Endorsed by | Date
ISSG - Information Security Steering Group | 30th July 2015
ITC - Information Technology Committee | 27th August 2015
CDO - Chief Digital Officer | 7th June 2016
Accountabilities
Responsible Officer
Contact Officer
ITpolicy@unsw.edu.au
Supporting Information
Parent Document (Policy)
IT Security Policy
Supporting Documents
Nil
Related Documents
Superseded Documents
Nil
Nil
File Number
Revision History
Version
Approved by
Approval date
Effective date
Sections modified
1.0
7 June 2016
7 June 2016