Backup Policy and Data Security
Backup of computer data is an essential component of an effective Data Security Policy. Data Security traditionally embodies three fundamental principles: Confidentiality, Integrity and Availability:
- At all times, and in all places, company data must remain Confidential. Legislation is in place to ensure that particularly private data, such as identity information, a name and address, or credit card and banking information, is protected by law from unauthorized access or disclosure.
- Data must remain Available. Even in cases of hardware failure, company data should remain accessible in some form, or be restorable onto new or replacement hardware, so that the company's data systems remain operational and company business can continue.
- And most pertinent to backup, the Integrity of data must be assured, such that in the case of application failure, hardware failure or other eventuality, digital information remains correct, accurate and intact, albeit in a slightly earlier version.
A Backup Strategy is only effective if a Backup Policy is in place. This requires a certain amount of user education and, if possible, company procedures should be put in place to ensure compliance.
If possible, a Centralized Storage Policy should be in place, such that all applications used on workstations access their data from a central server or network disk. This has SO MANY ADVANTAGES, from all points of view, including data integrity, version control, data security and of course backup, since we would not have to 'work-around' the users but could instead implement a solid and reliable server-centric backup strategy.
Users should by all means be discouraged from taking data away on laptops or memory sticks. This is not only bad for data security and risks unauthorized disclosure, but also makes it impossible to back up the latest version of crucial documents they may be working on.
A brief Backup Policy Document should be prepared and incorporated into the Company Quality Procedures. Even in ISO 9000 accredited companies, backup of computer data is rarely given much attention, so the inclusion of such a documented procedure is both a desirable and necessary addition to corporate quality procedures.
In case a Centralized Storage Policy is not in place, it is often useful to prepare 'Memo-Cards' for issue to all members of staff, giving very brief instructions on how to ensure files are closed, and computers are shut down properly in order to minimize data corruption and increase the relevance of the backup. This should of course be backed up by numerous written memos and company emails!