Backups for organization's business critical data shall be conducted and stored on a system
different from the device on which the original data resides.
Guidance
- Organization's business critical system's data includes for example software, configurations and
settings, documentation, system configuration data including computer configuration backups,
application configuration backups, etc.
- Consider a regular backup and put it offline periodically.
- Recovery time and recovery point objectives should be considered.
- Consider not storing the organization's data backup on the same network as the system on which the
original data resides and provide an offline copy. Among other things, this prevents file encryption
by hackers (risk of ransomware).
The reliability and integrity of backups shall be verified and tested on regular basis.
Guidance
This should include regular testing of the backup restore procedures.
Backup verification shall be coordinated with the functions in the organization that are
responsible for related plans.
Guidance
- Related plans include, for example, Business Continuity Plans, Disaster Recovery Plans, Continuity of
Operations Plans, Crisis Communications Plans, Critical Infrastructure Plans, and Cyber Incident
response plans.
- Restoration of backup data during contingency plan testing should be provided.
A separate alternate storage site for system backups shall be operated and the same security safeguards as the primary storage location shall be employed.
Guidance
An offline backup of your data is ideally stored in a separate physical location from the original data source
and where feasible offsite for extra protection and security.
Critical system backup shall be separated from critical information backup.
Guidance
Separation of critical system backup from critical information backup should lead to a shorter recovery time.
In connection with the data systems listing, we describe for which systems we are responsible for the implementation of the backup. The organization’s own backup processes are documented and an owner is assigned to each. The documentation includes e.g.:
The media used for backups and the restoration of backups are tested regularly to ensure that they can be relied on in an emergency.
Accurate and complete instructions are maintained for restoring backups. The policy is used to monitor the operation of backups and to prepare for backup failures.
With adequate backups, all important data and programs can be restored after a disaster or media failure. An important first step in a functional backup strategy is to identify who is responsible for backing up each piece of data. Determining the responsibility for backup is the responsibility of the owners of the information assets (systems, hardware).
If the backup is the responsibility of the partner, we will find out:
If the backup is our own responsibility, we will find out:
Restorability refers to how quickly personal data are restored to be available and accessible in the event of a physical or technical failure.
With adequate backups, all important data and programs can be restored after a disaster or media failure. To determine your backup strategy, it is important to map / decide on at least the following:
In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.
.png)
Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.
