S 1.4 Data backup policy
Description
Stored data may be rendered useless and/or be lost due to technical failure, accidental deletion, or manipulation. A data backup is intended to guarantee that IT operations can be reassumed in the short term by means of a redundant database if parts of the operative database are lost.
However, designing an adequate and functional data backup requires an organised approach due to its complexity. This module describes how to create a data backup policy for an IT system.
Threat scenario
The following typical threat is assumed for IT-Grundschutz regarding the data to be protected by means of a data backup policy.
Technical Failure
| T 4.13 | Loss of stored data |
Method recommendation
In order to secure the information system examined, other modules will need to be implemented in addition to this module with these modules being selected based on the results of the IT-Grundschutz modelling process.
In order to implement efficient data backup, a series of steps must be taken. These are described in safeguard S 6.33 Development of a data backup policy and are explained by the safeguards mentioned there. For this reason, implementation should start with safeguard S 6.33.
The bundle of safeguards for the field of "data backup policy" is presented in the following, which is reasonable first and foremost for larger IT systems or IT systems with large data volumes. The safeguards should be implemented in the sequence specified in order to systematically draw up a data backup policy.
Planning and design
| S 6.33 | (B) | Development of a data backup policy |
| S 6.34 | (B) | Determining the factors influencing data backup |
| S 6.35 | (B) | Stipulating data backup procedures |
| S 6.36 | (A) | Stipulating a minimal data backup policy |
Purchasing
| S 2.137 | (C) | Procurement of a suitable data backup system |
Implementation
| S 2.41 | (A) | Employees` commitment to data backup |
| S 6.21 | (C) | Backup copy of the software used |
| S 6.37 | (A) | Documentation of the data backup |
Operation
| S 6.20 | (A) | Appropriate storage of backup data media |
| S 6.22 | (A) | Sporadic checks of the restorability of backups |
Contingency Planning
| S 6.32 | (A) | Regular data backup |
| S 6.41 | (A) | Training data reconstruction |