Business Owner should define regulatory requirements.ģ.9 When a computer equipment is changed, consideration should be given to the backup media and data formats to ensure that they can still be restored.ģ.10 Access to backup media must be capable of being retrieved within a time scale documented in the computer disaster recovery plan.ģ.11 Where a third party has been authorized to store backup media, a service level agreement (SLA) should be defined and documented, and in compliance with the IS Security Standards.ģ.12 Automated backup functions within software packages should be used where applicable.ģ.13 Systems backup must also be carried out immediately after any upgrade, changes done to a system or and application.ģ.14 All on-site and off-site tape must be properly labelled.ģ.15 Backup Register for On-Site and Off-Site tapes must be maintained. This must be documented in operations procedures. Only authorized staff may carry out the deposit and withdrawal of backup media from storage locations onlyģ.7 Copies of backup files moved to or from off-site storage locations must be provided with defined and agreed levels of security during transportation.ģ.8 The retention period of backup must be in accordance with relevant regulatory requirements. Backup’s media found to be unreadable must be reported to the Head of Computer Operations.ģ.6 All movements of backup media must be monitored and logged. Backup’s copies must be transferred to the off-site location regularly, preferably at least once daily.ģ.4 Security of backup’s storage media must be maintained in compliance with the Physical Security/Environmental Controls Standards.ģ.5 There should be a periodic testing of backup media at both on-site and off-site locations (at least once a year) to ensure that backup are in useable condition for recovery and that their contents are as documented. 3.3 Copies of backup files and documentation must be kept off-site in a secure location at all times.
0 Comments
Leave a Reply. |