Approver(s):
Authorizes Release:
Responsible Area:
Review Cycle:
Last Review:
Related Policies and Additional References:
None
Introduction
The Data Server Backup Policy establishes a comprehensive framework for backing up, recovering, and retaining data and systems within the University. The main objectives of this policy are to protect critical University data, minimize the risk of data loss, and provide a clear process for data recovery in the event of system failures, data corruption, or other unforeseen events.
Purpose
The purpose of this Backup Policy is to establish a comprehensive framework for the backup, recovery, and retention of data and systems within the University. This policy is designed to ensure the protection of critical University data, minimize the risk of data loss, and provide a clear process for data recovery in the event of system failures, data corruption, or other unforeseen events. The aim is to support the continuity of academic, administrative, and research operations while complying with relevant legal, regulatory, and data protection requirements.
Scope
This Backup Policy applies to all data, systems, and applications within the University’s technology infrastructure. It follows state and federal regulations and best practices for data protection and security, so that all personnel and identifiable data are recoverable in the event of accidental loss or damage, and so that such data on recoverable media is securely protected. Only systems under the direct purview of Information Services are covered by this policy.
Systems Management
Information Services will, on an on-going basis, maintain all elements of its backup system so as to provide:
- The integrity and confidentiality of data copied during backup and restore operations.
- Appropriate access to data maintained within the backup system.
- Recoverability in the face of system failure or disaster.
- Stability of the backup system.
What Will Be Backed Up
All computer systems designated as providing mission-critical, production, and development services. These systems will be backed up on redundant disk media and stored at a secure off-site location.
Backup Schedules
The Information Services (IS) department will implement a backup strategy using the Grandfather-Father-Son (GFS) model for efficient scheduling, rotation, and retention of backups. This scheme provides a structured approach to backup management.
Under this new policy, we will create a single daily backup using a compressed and deduplicated block-based incremental method. This process captures only the changes since the last backup, reducing storage requirements and backup time.
Our GFS-based retention policy is as follows:
- Son (Daily backups): These backups are created every night.
- Father (Weekly backups): These backups are taken from the last daily backup of each week.
- Grandfather (Monthly backups): These backups are taken from the last weekly backup of each month.
- Production Oracle databases will have their archive and redo logs backed up a minimum of four times a day during business hours.
This strategy allows us to maintain a consistent and reliable backup schedule while optimizing storage resources and backup times.
Retention of Backups
Backups will be kept on redundant disk media for the following durations.
- Daily backups will be kept for a minimum of seven days.
- Weekly backups will be kept for five weeks.
- Monthly backups will be kept for 12 months.
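As an added illustration that is not part of the policy or of any Information Services tooling, the Python below encodes the GFS tiers from the Backup Schedules section and the retention periods above as a single prune decision. It assumes (the policy does not say) that the backup week ends on Sunday, so the Sunday backup is the "last daily backup of each week", and that a weekly backup is the month's "last weekly" when the following Sunday falls in the next month.

```python
from datetime import date, timedelta
from enum import Enum

# Assumptions not stated in the policy: the backup week ends on Sunday, and a
# weekly backup is the month's "last weekly" when the next Sunday is in another month.
WEEK_END = 6  # Monday=0 ... Sunday=6
DAILY_RETENTION_DAYS = 7        # policy: daily backups kept a minimum of 7 days
WEEKLY_RETENTION_WEEKS = 5      # policy: weekly backups kept 5 weeks
MONTHLY_RETENTION_MONTHS = 12   # policy: monthly backups kept 12 months


class Tier(Enum):
    SON = "daily"
    FATHER = "weekly"
    GRANDFATHER = "monthly"


def classify(d: date) -> Tier:
    """Return the highest GFS tier a backup taken on date d belongs to."""
    if d.weekday() != WEEK_END:
        return Tier.SON
    if (d + timedelta(days=7)).month != d.month:
        return Tier.GRANDFATHER  # last weekly of its month -> monthly copy
    return Tier.FATHER


def months_between(older: date, newer: date) -> int:
    """Whole calendar months elapsed from older to newer."""
    months = (newer.year - older.year) * 12 + (newer.month - older.month)
    return months - 1 if newer.day < older.day else months


def should_retain(d: date, today: date) -> bool:
    """Decide whether the backup dated d is still inside its retention window."""
    age_days = (today - d).days
    if age_days < 0:
        raise ValueError("backup date is in the future")
    if age_days <= DAILY_RETENTION_DAYS:
        return True  # every backup is a Son for its first week
    tier = classify(d)
    if tier is not Tier.SON and age_days <= WEEKLY_RETENTION_WEEKS * 7:
        return True  # Father (and Grandfather) copies live five weeks
    if tier is Tier.GRANDFATHER and months_between(d, today) <= MONTHLY_RETENTION_MONTHS:
        return True  # Grandfather copies live twelve months
    return False


def prune_plan(backups, today):
    """Split backup dates into (keep, expire) lists, preserving input order."""
    keep = [d for d in backups if should_retain(d, today)]
    expire = [d for d in backups if not should_retain(d, today)]
    return keep, expire
```

Running `prune_plan` against the catalogue of existing backup dates each night yields the set that may be expired without violating any of the three retention windows.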
Encryption
All backup data is encrypted and stored in AWS S3 Cloud Storage to protect Faculty, Staff, and Student information. Information Services will be responsible for ensuring that the encryption keys are kept secure.
Off-site Storage of Backups
All Daily, Weekly, and Monthly backup data will be kept at a secure off-site location.
The secure off-site location (AWS S3 Cloud Storage) is defined as a physical location far enough away from the St. Mary’s Data Center to be protected from a Data Center disaster. The location is safe from environmental hazards and secure from physical access by persons who are not authorized employees of Amazon.
Backup Logging
A weekly backup log will be issued to keep a report of backups, their status and maintenance of the backup system.
Testing/Validation
Testing and validation will be performed monthly by Information Services to ensure the correctness of backups.
A random selection of computer systems will have small data sets, drawn from randomly chosen Weekly and Monthly backups, restored in a way that will not impact production needs.
Restore Time Objective
Personnel and identifiable data will not be recoverable if older than a year.
The Recovery Time Objective for the restore of individual data may be up to, but not longer than, seven business days.
Definitions
Backup Logging: The process of documenting backup operations, including a report of backups, their status, which disk or tape media were used, and backup system maintenance.
Block-Based Incremental Backup: A method of backup that captures only the data blocks that have changed since the last backup, thereby reducing storage requirements and improving backup times.
Encryption: The process of securing backup data by encoding it with a cryptographic key. The encrypted data is stored in a secure location, such as AWS S3 Cloud Storage, to protect confidential and sensitive information.
Grandfather-Father-Son (GFS) Backup Scheme: A structured backup strategy where “Son” represents daily backups, “Father” represents weekly backups, and “Grandfather” represents monthly backups. This approach allows for efficient backup rotation, scheduling, and retention.
Replication: The automatic copying of data to ensure that it is consistently mirrored at an off-site location. This process enhances data redundancy and aids in disaster recovery.
Recovery Time Objective (RTO): The maximum allowable time to restore a backup to ensure continuity of operations. In this case, the RTO for individual data restoration is set at a maximum of seven business days.
Restore Time Objective: The specific timeframe in which data should be recoverable. For this policy, data older than one year will not be recoverable, and the restoration objective is set to a maximum of seven business days.