Administrative Regulation Title:  Data Backup

Regulation Number:  7.1.3

_____________________________________________________________________________________

Purpose:

This Data Backup Administrative Regulation (this “Admin Reg”) outlines the data backup practices of the College. Regularly backing up data protects against data loss in the event of a physical disaster, database corruption, cybersecurity incident, hardware or software failure, or other incident which may lead to the loss or unavailability of data. Standardized backup practices facilitate the College’s goal of ensuring the integrity and availability of Institutional Resources and allow College functions to resume in an acceptable timeframe following incidents.

Definitions:

Capitalized terms not defined in this Admin Reg have the meaning set forth in the Information Security Policy.

Scope:

This Admin Reg applies to all Institutional Resources.

Backup Overview:

Data backup is the practice of saving data in a manner that is logically and physically separated from the production system for the purpose of preventing unplanned data loss in the event of equipment failure or destruction. Backup practices discussed in this Admin Reg represent the minimum backup standards for all Institutional Resources. Specific backup standards for systems and resources throughout the College will be determined by the Chief Information Officer, taking into account the criticality and restoration requirements associated with the data. Backup standards are determined using the College’s Information Classification and Disaster Recovery standards.

Backup Requirements and Practices:

Data backups are:

  • Required for all Mission Critical Systems and for any Institutional Resource that creates, processes, maintains, or stores data classified as Highly Sensitive (Level 3).
  • Recommended for Confidential (Level 2) data, and for data that cannot be recreated in a timeframe satisfactory to the owner.
  • Optional for all other Institutional Resources.

Data intended to be temporary in nature (i.e., work or scratch files), which can readily be recreated from source data in a timely manner, may be excluded from backup requirements provided that the original source data is backed up.

To facilitate appropriate data backups, the Office of Information Technology (“OIT”) will work with College departments and Personnel to:

  • Identify primary responsibility within the unit or program for data backup and appropriately define roles and responsibilities to ensure timeliness and accountability related to backups;
  • Classify Institutional Data and determine the backup method best suited to their classification level;
  • Ensure that backups containing data classified as Highly Sensitive (Level 3) are encrypted both in transit and at rest and determine whether encryption is necessary for backups containing Confidential (Level 2) data; and
  • Determine appropriate backup location (data must be backed up to College approved and managed devices or servers).

Third-Party Vendors:

Contracts with vendors that maintain, protect, or provide access to the College’s Mission Critical Systems or Highly Sensitive (Level 3) data—whether on-premises or cloud-based—must include appropriate data backup provisions.

References:

Business Continuity and Disaster Recovery Administrative Regulation

Data Retention

Information Classification Administrative Regulation

Information Security Policy

Revision History:

Original Adoption Date: 1/29/24

Revision Date(s):

Date Reviewed, no change: