S 6.36 Stipulating a minimal data backup policy

Initiation responsibility: IT Security Officer

Implementation responsibility: IT Security Officer

For a company and/or a government agency, the minimum data backup requirements must be defined. This way, many cases where thorough examinations and the creation of a data backup policy are too expensive can be dealt with wholesale. Furthermore, this provides for the basis generally applicable to all IT systems, including new IT systems no data backup policy was drawn up for yet.

This is to be explained by means of an example:

Minimum data backup policy

Software:

All software, purchased or created independently, must be backup up once by means of full data backup.

System data:

System data must be backed up at least once a month with one generation.

Application data:

All application data must be backed up at least once a month by means of full data backup using the three generations principle.

Logged data:

All logged data must be backed up at least once a month by means of full data backup using the three generations principle.

Review questions:

• Is there a definition as to which minimum data backup requirements must be met?