The URL can be used to link to this page

Home My WebLink AboutPOL-016-23 Data Backup COUNTY OF NEWELL - POLICY HANDBOOK POLICY NO: POL-016-23 TITLE: DATA BACKUP ADOPTED: March 9, 2023 (C-71/23) SUPERCEDES NO: 2014-PAD-067 PAGE NO: 1 of 2 POLICY PURPOSE: This policy establishes management of secure backup and restoration processes on appropriate backup media. Data backup mechanisms help safeguard the information assets of the County, prevent data loss in case of accidental deletion or corruption of data, system failure, or disaster, and permit timely restoration of information and business processes should such events occur. This policy applies to all County data, including data hosted outside of the County’s Information Technology (IT) Infrastructure and stored in a cloud service. DEFINITIONS: Backups are a periodic copy of data required to restore data in case of data loss. Data includes, but is not limited to, network files, databases, web contents, and operating systems. Information Assets an identifiable collection of data recognized as having value for the purpose of enabling an organization to perform its business processes. Approved Cloud Services data hosted by a 3rd party application that has been reviewed by the Director of IT and approved by the Chief Administrative Officer. This includes cloud storage and rd 3 party hosted applications. Data Users all authorized users of County data, including, but not limited to County employees, elected officials, 3rd party contractors, consultants, and partners, who access and use County systems and IT equipment or who create, process, or store data owned by the County. Data Owners employees, elected officials, 3rd party contractors, consultants, and partners, identified as the responsible party/department in the County’s Records Inventory. POLICY GUIDELINES: The County’s data must be regularly backed up and the backups must be restorable. Data Owners, in consultation with IT staff, must determine the appropriate backup interval. A change to this interval must be requested via a service request to the IT Help Desk or during the annual review of the Backup Retention Schedule. Backups must be stored in a secure location, protected from physical and environmental damage and secured through controlled access. Data no longer required must be removed from the backup in a manner that prevents the data from being read. Backups of County data may be located in one or more locations including on-site, off-site, or approved cloud storage (Example: apple cloud, one drive, iTunes, hosted data locations). POL-016-23 DATA BACKUP Page 2 of 2 Backups of data stored in approved cloud/hosted services will be maintained and retained as per the agreements with each service provider. Requests for restoration of accidentally deleted or corrupted information must be made through the IT Help Desk. ROLES & RESPONSIBILITIES: Data Users are responsible to store and manage County data as outlined in this policy. Backup of data stored outside of the County Network on a computer device such as desktops, laptops, and mobile devices or on cloud locations is the responsibility of the individual who stores it. Data Owners are responsible for vetting cloud service providers against the Cloud Service Assessment Guidelines to ensure that adequate backups are being retained and are clearly outlined prior to entering into agreement. IT Department is responsible for:  Maintaining an inventory of the location and intervals of data backups.  Reviewing daily backup logs for errors, abnormal durations, and to look for opportunities to improve backup performance.  Taking corrective actions when backup problems are identified to reduce risks associated with failed backups.  Performing random test restorations annually to verify backups are successful.  Maintaining records of backups and restoration tests.