S 6.50 Archiving a database

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

If it is necessary to archive the data of a database system, a corresponding concept must be drawn up to ensure that it is possible to restore all databases completely and consistently at a later point in time. The following aspects must be taken into consideration in this case:

Archiving

• The archiving capabilities available must be identified.
• The data model the data to be archived is based on must be documented.
• The time of archiving must be documented.
• The version of the database management system and the service programs used must be documented.
• The structure, methodology, and evaluation criteria of the archive must be specified.
• For all archiving media, a maximum physical life span must be determined based on the manufacturer's specifications and empirical values. Dates for refreshing the archived database must be specified accordingly.
• The required availability of the archived databases must be examined regularly and adapted to meet the specific requirements, if necessary. Necessary changes will affect, amongst other things, the selection of the archiving medium, as well as the type and method of archiving used. For high availability requirements, it may be necessary to have access to several historical versions of the same databases at the same time.
• It must be ensured that the specified retention periods are adhered to.

Restoration

• The archived database must not have any effect on the current database.
• There must be enough memory space available to restore the archived databases.
• It must be possible to restore the archived database, even if the data model or the database version has changed in the meantime. In this case, the data model and the corresponding service programs used must be known at the time of archiving in order to be able to restore the data to the previous state.
• If the data restored needs to be processed by an application, there must be a version of this application available that supports the "old" data model.
• Whether or not it is possible to restore the archived database must be checked regularly.

When archiving databases containing personal data, the requirements of the data protection laws and the rules resulting from these requirements must be taken into consideration additionally. For example, this means that a person whose personal data has been archived has the right to demand the blocking or deletion of his/her stored personal data. Under some circumstances, the data will need to be completely deleted, including copies of the data existing in backups and archives, after a certain time. To guarantee this data is deleted, corresponding technical and organisational procedures must be developed. In particular, it must also be possible after restoring the old databases to restore all corrections, changes, blocks, and/or deletions made between the time the restored database was backed up and the time it was restored.

Review questions:

• If it is necessary to archive the data of a database system: Is there a concept for archiving the data of the database system?
• Is there a tested concept for restoring archived databases?
• Have legal provisions for archiving been taken into consideration (e.g. retention periods, archiving of personal data)?
• Is the archiving concept checked regularly and revised when necessary?