IT BACKUP POLICY

PURPOSE Brock University requires its data and systems to be backed up

and the backup media (both tape and disk) be stored in a secure
manner. This Policy aims to protect data and systems at Brock
to ensure that they can be reliably recovered if required. This
Policy also addresses recovery of data accidentally deleted by
users, which is on a best effort basis.

SCOPE This Policy applies to all University electronic data stored on all
IT-managed applications and systems.

POLICY  Brock University systems must be regularly backed up and

STATEMENT the backups must be restorable. The standard backup
interval is once per day. Data owners may request a change
to this interval for their data via a support request to the
Information Technology Services Help Desk.
 Backup media must be stored off site.
 Backup media must be protected from physical and
environmental damage (e.g., fire, water, dust, etc.).
 Backup media must be secured through controlled access.
 A current inventory of all offsite backup media must be
maintained. , An annual physical inventory, including offsite
media, must be performed and the results reviewed by the
Director, IT Infrastructure.
 Data no longer required must be removed from backup
media in a manner that prevents the data from being read.
 The Standards for Backup support this Policy with detailed
backup requirements which must be complied with.

DEFINITIONS Data Backup: A periodic copy of data to either disk and / or

tape for the purpose of being able to restore data in case of

Page 1 of 2
 data loss.

Data Restore: A process to copy backup files from secondary

media to return data to its original condition.

COMPLIANCE ITS enforces this Policy and the related Standards at all times.
AND REPORTING Anyone who has reason to suspect a deliberate and / or
significant violation of this Policy is encouraged to promptly
report it to the Information Technology Services (“ITS”) Help
Desk. Policy violations that come to the attention of the ITS
Help Desk will be escalated to the Director, Infrastructure.

Policy violations will be assessed and action taken to remediate

the violation subject to collective agreements and / or other
contractual conditions.

Where Policy violations are considered severe and / or cannot

be easily remediated, the incident will be escalated to the AVP,
ITS for further action. Periodically, the AVP, ITS will provide to
SAC a summary of all policy violations.

Policy owner: Associate Vice-President, Information Technology Services

Authorized by: Board of Trustees, Capital Infrastructure Committee
Accepted by: SAC
Effective date: March 2016
Next review: March 2017
Revision history: New
Related documents: Standards for Backup

IT Backup Policy Page 2 of 2

Standards for Backup
Brock University

Version 0.9
Prepared By: Sergio Sartor
Andreas Paulisch
Allan Surrey
Brad Saxton
Standards for Backup

Contents
1. Revisions ..................................................................................................................... 3
i. Document Editors ................................................................................................. 3
ii. Document Reviewers ............................................................................................ 3
iii. Intended Audience ................................................................................................ 3
iv. References and Related Documents ..................................................................... 3
1. Purpose ........................................................................................................................ 4
2. Requirements ............................................................................................................... 4
2.1 Backup Media ....................................................................................................... 4
2.2 Backup Methodology............................................................................................ 4
2.3 Data Identification ................................................................................................ 5
2.4 Additional Backups .............................................................................................. 5
2.5 Backup Testing ..................................................................................................... 5
2.6 Off Site Storage .................................................................................................... 5
2.7 Destruction of Data ............................................................................................... 6
2.8 Backup Inventory.................................................................................................. 6
2.9 Network Backup ................................................................................................... 6
2.10 Backup Monitoring ............................................................................................... 6
3. Data Backup Environment........................................................................................... 7
3.1 Server Backups ..................................................................................................... 7
3.2 Database Backups ................................................................................................. 7
4. Data Backup Definitions ............................................................................................. 7
5. Appendix 1: Backup Server Details ........................................................................... 8

2
Standards for Backup

1. Revisions

Version Primary Author(s) Description of Version Date

0.5 Various Initial implementation November 25, 2014
0.7 Al Surrey & Sergio Updated based on internal ITS feedback. December 9, 2014
Sartor

i. Document Editors
Reviewer Section(s)

ii. Document Reviewers

Reviewer Section(s)

iii. Intended Audience

This document is intended for all users and administrators of Data Backup media
and systems at Brock University.

iv. References and Related Documents

Version Title Document Location Date Accessed
mm/dd/yyyy

3
Standards for Backup

1. Purpose
The purpose of this document is to support and outline in detail the requirements
of the IT Backup Policy. These requirements are mandatory and must be
adhered to by all data custodians and backup administrators.

2. Requirements

2.1 Backup Media

 Backup media include either tape or disk

 External hard drives and thumb drives are not considered reliable backup
media and therefore must NOT be used as primary backup media
 Backup tapes must have a lifespan of no more than five (5) years
- Tapes less than 5 years old will be recycled
- Tapes more than 5 years old will be destroyed
- Tapes no longer required will be destroyed

 Backup media will be identifiable as belonging to Brock University

 Tapes must be appropriately labelled and include the date the tape was
put into service.

2.2 Backup Methodology

 Backups must be automated

 Backups must be performed on a scheduled basis to meet specific
recovery times objectives (RTO) and recovery point objectives (RPO)
parameters set by the data owners (see Backup Definitions for RTO and
RPO definitions)
 If no specific RTO or RPO is defined, data is considered recoverable with
an RPO of twenty-four (24) hours – once per day.

4
Standards for Backup

2.3 Data Identification

It is the responsibility of the data owner to identify data that is critical and needs
to be backed up. This identification is captured as requirements during the
implementation cycle of a system or service. Changes to this can be made by
the data owner via a service request at the Information Technology Services
(“ITS”) Help Desk.

Data and files NOT stored in centrally managed shared drives (e.g., My
Documents) are not backed up.

2.4 Additional Backups

Data or system backups that are required outside of the standard backup
schedule can be requested via a service request at the ITS Help Desk.

2.5 Backup Testing

Backup schedules must be developed for all new systems and the restore must
be tested prior to putting into production.

Existing systems must be tested on a periodic basis to ensure backups are

reliable. A log of these tests must be maintained by the backup administrator
showing last test and restore dates.
 Logs must be retained for a minimum of three years
 Logs must be reviewed annually by the Director, IT Infrastructure, with
physical evidence (e.g., signoff) of review.

2.6 Off Site Storage

At least one copy of a data backup must be kept in a location at least 50 meters
from the physical location of the system the backup was performed on.
 This site must be secure and a log of entry maintained
 Logs must be retained for a minimum of one (1) year
 Access permissions to the secure location must be reviewed annually by
the Director, IT Infrastructure, with physical evidence (e.g., signoff) or
review.

During transport of backup media to the off-site storage location, the media in
transit must not be left unattended and must be secured at all times.

5
Standards for Backup

2.7 Destruction of Data

 Recycled media may be overwritten and reused

 Retired media must be destroyed so it is unreadable and cannot be
accessed.

2.8 Backup Inventory

An inventory of all removable backup media must be maintained by the backup

administrator showing the identification of media and systems associated with
the media set.

A physical inventory of removable backup media must be conducted annually.

Exceptions must be identified and investigated. The results must be reviewed
and signed off by the Director, IT Infrastructure.

2.9 Network Backup

A log of current network devices and their configurations must be maintained to

aid in recovery of the devices to their most recent state if required.

It is the responsibility of the network administrators to maintain this log and a

backup copy.

The log must be reviewed annually for completeness and accuracy, with
exceptions identified and investigated by the network administrator. The results
must be reviewed and signed off by the Director, IT Infrastructure.

2.10 Backup Monitoring

The backup log must be reviewed daily during business hours (Monday - Friday)
by the backup administrators to identify exceptions / failures.

In the event of a backup failure, the failure must be assessed for severity by the
backup administrator and if deemed critical, an IT service desk ticket created. A
determination will be made on the cause of the failure and the next appropriate
window of opportunity identified to restart the backup. The ticket will be closed
once a successful backup has been completed.

6
Standards for Backup

3. Backup Environment

3.1 Server Backups

All Brock University system and data backups must be performed using backup
software that meets the standards for data backup as defined in this document.
This includes Microsoft System Center Data Protection Manager (DPM) for
Windows systems and EMC Networker Software for Linux systems.

3.2 Database Backups

Database backups are used for data recoveries and may be used in conjunction
with a system level backup. A typical database backup is configured as follows:
 SQL Server databases for critical applications are backed up using Idera
backup software nightly to a local disk and a network disk
 Network database disk backups are backed up by DPM
 Database logs are created every 10 minutes to disk
 Partial data recoveries can be made by IDERA and DPM (when a local
copy is not available).

4. Backup Definitions

Protection Group: A protection group is a collection of data sources that share

the same protection configurations and settings.

Recovery Point Objective (RPO): The age of files that must be recovered from
backup storage for normal operations to resume if a failure occurs.

Recovery Time Objective (RTO): The targeted duration of time within which a
business process must be restored after a disruption to avoid unacceptable
consequences.

Replica: System Center Data Protection Manager (DPM) creates a replica of the
data on its own storage subsystem. This happens on a set schedule and is
called a replica.

Synchronization: Synchronization is the process by which DPM transfers data

changes from a system to a server and then applies the changes to the replica.
It relies on synchronization to keep the replicas synchronized with live data.

7
Standards for Backup

Synchronization Frequency: DPM allows a synchronization frequency level

interval anywhere from 15 minutes to 24 hours.

5. Appendix 1: Backup Server Details

Server Backup Software Version Total Tapes Tape Agents

Name Disk Drives
Storage
NOAH Microsoft System 4.1.3453.0 20TB 220 2 49
Center 2012 Data
Protection Manager
CUBIT Microsoft System 4.2.1254.0 37TB 70 2 24
Center 2012 Data
Protection Manager
CITS- Microsoft System 4.2.1273.0 22TB 220 2 49
ARK Center 2012 Data
Protection Manager