IT - Backup and

Recovery
Policy
REVISION HISTORY
Version Author Date of Sections Affected
Number Revision
1 XXXX All

AUTHORIZATION
Prepared by Date

Reviewed By

Approved By
 Table of contents:

1. SCOPE.........................................................................................................................1

2. POLICY STATEMENT...............................................................................................1

2.1 BACKUP POLICY..............................................................................................1

2.2 RECOVERY POLICY.........................................................................................1

2.3 RESTORATION TESTING POLICY.................................................................1

3. COMPLIANCE WITH THE POLICY........................................................................1

4. VIOLATION OF THE POLICY..................................................................................1

4.1 CONSEQUENCES OF VIOLATION OF THE POLICY...................................2

5. CONTACT ROLE FOR CLARIFICATIONS REGARDING THE POLICY............2

Scope
This policy applies to all users of information assets including COMPANY employees,
employees of temporary employment agencies, vendors, business partners, and
contractor personnel and functional units regardless of geographic location.

Policy Statement
The purpose of the Backup and Restore Policy is to ensure that there is an appropriate
mechanism to backup all the critical information and restore the same without,
whenever necessary.

1 Backup and Retention Policy

All application and operating systems software, data (including databases), application
and operating systems configuration information, hardware configuration information
(where applicable) and Log files / Logs from various systems that need to be backed
up must be identified and documented.
Frequency of backup, medium of backup and storage of the backup must be identified
and documented.
A suitable/appropriate product or application should be used and backup must be taken
based upon the procedures recommended by the vendor/implementer.
Backup records must be maintained by personnel and be updated regularly to keep
track of the data that has been backed up as well as control the activity.
Backup process can be automated in the system given the specific period and the
administrator has to use the proper cartridge every day. The Schedule is as follows:

Systems Daily Weekly Monthly Yearly

ERP Database X X X X
File server (Print & File) X X X
E-MAIL SERVER X X
Laptop Users X

BACKUP RETENTION PERIOD

SAP:

Daily backup Three weeks

Weekly backup Nine Weeks

FILE SERVER:

Weekly backup One month

E-MAIL SERVER:

Daily backup Three days

1
STANDALONE SYSTEMS:

Monthly backup Until next backup

2 Recovery Policy
Backed up data must be provided for restoration purposes after approval and
authorization. A log of backed data restored from backup media must be maintained.

3 Restoration Testing Policy

To verify the readability of backup media, mock restoration tests must be carried out,
on the test systems periodically.
The entire process must be documented detailing the test plan, the activities carried out
and the test results.
Exceptions identified during the testing process must be documented and reported.

Compliance with the Policy

Compliance with the Backup and Restore Policy is mandatory. Company Department
Heads shall ensure continuous compliance monitoring within their Department.
Compliance with the Backup and Restore Policy shall be a matter for periodic review
by Head IT.

Violation of the Policy

Any employee who discovers a breach of this policy shall notify the Head IT.
Violations of the policies of Company shall result in disciplinary action by
management.

4 Consequences of violation of the Policy

Disciplinary action shall be consistent with the severity of the incident, as
determined by an investigation, and may include, but not be limited to:
Loss of access privileges to information assets, and
Other actions as deemed appropriate by Management, Human Resources, and
the Legal Department.