S 6.34 Determining the factors influencing data backup
Initiation responsibility: IT Security Officer
Implementation responsibility: Administrator, Persons responsible for individual applications
The following influencing factors must be determined for every IT system, possibly even for individual IT applications with particular relevance. For this, the system administrators and the persons responsible for the individual IT applications may be consulted. The results must be clearly documented.
In the following, a fictitious example is used to demonstrate how the influencing factors can be determined in practice. The example is based on a server-supported LAN with 10 PCs connected as workstations. The IT system is used for order processing using a customer database. The application data is stored centrally on the network server.
The following must be determined in detail:
Specification of the data to be backed up
The data holdings of the IT system (IT application) required for performing the specialised tasks should be determined. These include the application and operating software, the system data (e.g. initialisation files, macro definitions, configuration data, text modules, password files, data access rights files), the application data, and logged data (login logging, logs regarding security violations, data transmission logs, etc.).
Example result 1: Specification of the data to be backed up
IT system: server-supported LAN with 10 connected PCs
Data to be backed up:
- Software: network operating system, operating systems of the PCs, text editing software, database software, etc. in the form of standard software
- System data:
- On the network server: system internal settings (e.g. rights structure, passwords)
- On the PCs: initialisation files of the text editing software and database software, macro definitions, and text modules
- Application data on the network server: files containing correspondence, customer database
- Logged data on the network server: logging of the network activities
Availability requirements of IT applications for the data
Now, the availability requirements must be defined for the data specified in the first step. Specifying the maximum tolerable period of disruption (MTPD) is an effective means of doing this. It defines the time for which the specialised task can be continued in the absence of this data without having to rely on backed-up data. It should also be considered whether it is possible to continue the work in the short term without IT support, based on paper records.
Example result 2: Availability requirements
- Software: MTPD 1 day
- System data:
- On the network server: MTPD 1 day
- On PCs: MTPD 1 week (a PC can be dispensed with for up to one week)
- Application data:
- Files of written correspondence: MTPD 1 week
- Customer database: MTPD 1 day
- Logged data: MTPD 3 days
Time and expenditure required for data reconstruction without data backup
In order to develop a data backup policy that is appropriate from an economic perspective, it is necessary to know whether, and with how much effort, destroyed data can be reconstructed if no data backup is available. It should be examined which sources the data can be recovered from. Examples of such sources are paper records, print-outs, microfiches, interviews, and surveys.
The financial cost, or the amount of work required from data entry staff, should be measured in working days (WD).
Example result 3: Reconstruction effort
- Software: reacquisition by purchasing and subsequent installation within one day (if original software is no longer present)
- System data:
- On the network server: manual reconstruction: 1 WD
- On PCs: 1 WD
- Application data:
- Files containing correspondence: targeted collection from current paper records: 10 WD (completely capturing the correspondence is not required)
- Customer database: complete capture from paper records: 10 WD
- Logged data: cannot be reconstructed, since not printed on paper
Data volume
The data volume stored and to be backed up is a decisive factor for the selection of the data medium. The required specification only covers the data to be backed up and should use megabytes (MB) as a unit.
Example result 4: Data volume
- Software: 100MB
- System data:
- On the network server: 2MB
- On PCs: 0.3MB
- Application data:
- Files of written correspondence: 100MB
- Customer database: 10MB
- Logged data: 10MB (weekly control plus deletion)
Change volume
In order to determine the data backup frequency and an adequate backup procedure, the amount of data/files changing within a certain period of time must be known. MB/week is a conceivable unit for this. It must also be stated whether the content of existing files is changed or whether new files are created.
Example result 5: Change volume
- Software: 50MB on average when changing the version, once a year at the most
- System data:
- Application data:
- Logged data: 10 MB/week
Modification times of the data
There are IT applications whose data is only modified on certain dates, e.g. the accounting procedure for payroll accounting at the end of each month. In such cases, backing up the data immediately after such a date makes sense. Therefore, it should be specified for the data to be backed up whether it changes daily, weekly, or on certain dates.
Example result 6: Changing times
- Software: changes only when changing the version
- System data: frequent changes
- Application data:
- Files of written correspondence: daily modifications
- Customer database: daily modifications
- Logged data: continuous change
Deadlines
For the data, it must be clarified whether certain deadlines must be met. These deadlines may include retention periods or also deletion periods in connection with personal data. These deadlines must be taken into consideration when defining the data backup.
Example result 7: Deadlines
- Software: it is not necessary to retain the backed-up data
- System data: it is not necessary to retain the backed-up data
- Application data:
- Files containing correspondence: retention period for vouchers is six years (§257 HGB); a set of backed-up data (of one year) must be retained for this period
- Customer database: it is not necessary to retain the data; deletion periods according to BDSG (§20 and/or § 35) must be observed
- Logged data: upon weekly analysis of the logged data, 2MB of the data must regularly be retained for one year and/or until the next examination by the Data Protection Officer
Confidentiality requirements of the data
The confidentiality requirements of a file are transferred to the backup copy during data backup. When merging backup copies with identical confidentiality requirements on one data medium, accumulation effects may result in increased confidentiality requirements of the stored data. Therefore, the confidentiality requirements of the individual data to be backed up must be specified, and additionally the combinations of data having higher confidentiality requirements than the data alone.
Example result 8: Confidentiality requirements
- Software: low confidentiality requirements, because this is publicly accessible data; only copyright agreements must be observed
- System data:
- On the network server: medium confidentiality requirements (passwords are stored in encrypted form)
- On PCs: not confidential
- Application data:
- Files of written correspondence: individual files are of medium confidentiality requirements; all the data together are of high confidentiality requirements
- Customer database: high confidentiality requirements
- Logged data: high confidentiality requirements (personal data allowing for a usage profile)
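The following sketch is an added illustration, not part of the original safeguard text. It records example results 2, 3, 4 and 8 as one inventory and derives two planning checks from them: which data depends on a backup to stay within its MTPD, and what volume and confidentiality level a backup medium takes on once complete data sets are merged onto it. The names `DataClass`, `depends_on_backup` and `medium_requirements` are hypothetical; counting one working day of reconstruction as one elapsed day is an assumption, and only the accumulation within a data class given in example result 8 is modelled.

```python
from dataclasses import dataclass
from typing import Optional

LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class DataClass:
    name: str
    mtpd_days: int             # example result 2 (1 week counted as 7 days)
    rebuild_wd: Optional[int]  # example result 3; None = cannot be reconstructed
    volume_mb: float           # example result 4
    conf_aggregate: str        # example result 8, complete data set on one medium

# Values transcribed from the fictitious example on this page.
INVENTORY = [
    DataClass("software", 1, 1, 100, "low"),
    DataClass("system data (server)", 1, 1, 2, "medium"),
    DataClass("system data (PCs)", 7, 1, 0.3, "none"),
    DataClass("correspondence", 7, 10, 100, "high"),  # single files: medium
    DataClass("customer database", 1, 10, 10, "high"),
    DataClass("logged data", 3, None, 10, "high"),
]

def depends_on_backup(dc: DataClass) -> bool:
    """True if the data cannot be rebuilt, or rebuilding outlasts the MTPD.

    Assumption: one working day of effort equals one elapsed day.
    """
    return dc.rebuild_wd is None or dc.rebuild_wd > dc.mtpd_days

def medium_requirements(names: set) -> tuple:
    """Volume (MB) and confidentiality level of one medium holding full
    copies of the named data classes (highest aggregate level wins)."""
    unknown = names - {dc.name for dc in INVENTORY}
    if unknown:
        raise KeyError(f"not in inventory: {sorted(unknown)}")
    chosen = [dc for dc in INVENTORY if dc.name in names]
    level = max((dc.conf_aggregate for dc in chosen),
                key=LEVELS.__getitem__, default="none")
    return sum(dc.volume_mb for dc in chosen), level

if __name__ == "__main__":
    for dc in INVENTORY:
        print(f"{dc.name:22} depends on backup: {depends_on_backup(dc)}")
    print(medium_requirements({"system data (PCs)", "correspondence"}))
```

A medium that combines the non-confidential PC system data with the complete correspondence files has to be handled as "high", which is the accumulation effect described above.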
Integrity requirements of the data
For data backups, it must be ensured that the data was stored with integrity and not changed during the retention period. This becomes all the more important the higher the integrity requirements of the user data. Therefore, the integrity requirements must be specified for the data backups.
Example result 9: Integrity requirements
- Software: the software must meet high integrity requirements.
- System data:
- On the network server: high integrity requirements (due to rights administration)
- On PCs: high integrity requirement
- Application data:
- Files of written correspondence: individual files have medium integrity requirements
- Customer database: high integrity requirements
- Logged data: before being analysed, the data has high integrity requirements; after being analysed, only the data to be retained has medium integrity requirements.
Knowledge and data processing-specific skills of the IT users
In order to decide who will back up the data (the IT users themselves, specifically commissioned employees, and/or the system administrators), it is decisive which knowledge and data processing-specific skills the IT users have and which tools they can be provided with. If backing up data would take up too much of the IT users' time, this should be specified.
Example result 10: Knowledge
- The network administrator has sufficient knowledge for backing up the data on the network server. The IT users of the PCs have sufficient knowledge and skills for backing up the PC system data independently.
Review questions:
- Were both the administrators and the IT users involved in the determination of influencing factors for data backup?
- Are new requirements for data backup taken into consideration promptly in an updated data backup policy?