IT backup policy

Scope

1.       This policy applies to:

1.1 All electronic data held within the central administration system (“KAT II”)

1.2 All electronic data stored within the corporate website

1.3 All electronic data stored in any of the Learning Management Systems (“LMS”)

1.4 Email correspondence both inbound and outbound that is held on the Exchange Server

1.5 All electronic documents / files that are held within the central file storage server (“Springfield”)

 

2.       This policy does not cover:

2.1 Information held in non-electronic format

2.2 Data stored locally to PCs / laptops or other end user device

2.3 Data stored on removable media

2.4 Any device / server / file storage area that is not authorised by the IT Manager to be part of the corporate network

Purpose

3.       The purpose of this document is to set out clear guidance on the corporate data backup policies and retention of these backups. 

Introduction

4.       International Workplace Ltd (IWL) collects and processes a diverse range of information for various purposes.  Information is a vital asset that the company is reliant on both for the provision of services and the management of them.

5.       IWL also holds records on behalf of clients via the LMS and eLearning provisioned services.  This information relates to training records and activities and may be considered business critical to clients.

6.       Therefore it is necessary that there is a secure and robust backup framework in place to ensure that in the event of a Disaster Recovery scenario, that data and files can be restored promptly and with minimal loss.

Backup policy

7.       Systems and data will be backed up automatically as per the below schedule:

 

 

System / Platform

Backup Schedule / Retention

Location(s)

KAT II

·         Daily full backups retained for seven days

·         Weekly full backups retained for five weeks

·         Monthly full backups retained for 13 months

·         Yearly full backup retained for three years

Local backup to separate file storage area which is replicated daily to remote site within the UK

Daily backups are also made to provisioned cloud storage within the EEA

Corporate Website

·         Daily full backups retained for seven days

·         Weekly full backups retained for five weeks

·         Monthly full backups retained for 13 months

·         Yearly full backup retained for three years

Local backup to separate file storage area which is replicated daily to remote site within the UK

Daily backups are also made to provisioned cloud storage within the EEA

LMS’

·         Daily Full backups retained for seven days

·         Weekly Full backups retained for five weeks

·         Monthly Full backups retained for 13 months

·         Yearly full backup retained for three years

·         Virtual Clone copy held of each LMS host

All backups are also made to provisioned cloud storage within the EEA

All cloud provisioned LMS’ are replicated across data centres within the EEA

Exchange

·         Daily Full backups retained for seven days

Local backup to separate file storage area which is replicated daily to remote site within the UK

Springfield

Daily Full backups retained for seven days

Local backup to separate file storage area which is replicated daily to remote site within the UK

 

8.       Additional “one-off” backups will be made of any of the above systems immediately prior to any upgrades / patches / version release or bulk data change in line with the corporate change control policy.

Backup verification

9.       All backups to systems have backup verification tests as part of the process of completing the backup.

10.   Daily the IT department will review the backup log files to ensure all backups have completed successfully and in the event of a failure take immediate remedial action and ensure that a working backup has been taken.

11.   Additional spot check and test restores will be made by the IT department to ensure that the backup files are consistent, contain no corruption and are fit for purpose.

Changes to backup schedule and retention

12.   Any change to the backup schedules or retention periods listed within this document have to be approved and signed off by the Change Advisory Board (CAB) as per the change Control Policy.

13.   Clients may request changes to the standard backup and retention periods.  This will be reviewed on a case by case basis and where applicable incur additional costs to the client for the additional storage required.

Review

14.   All policies and procedures relating to information governance or information security will be reviewed by the Information Governance Working Group annually or when there is a requirement to due to regulatory or other changes.

 

Version 1.1, updated 150817