IT backup policy

Scope

1.       This policy applies to:

1.1 All electronic data held within the central administration system (“KAT II”)

1.2 All electronic data stored within the corporate website

1.3 All electronic data stored in any of the Learning Management Systems (“LMS”)

1.4 All electronic data stored in any of the Learning Records Systems ("LRS")

1.5 Email correspondence both inbound and outbound that is held on the Exchange Server ("Ofice 365")

1.6 All electronic documents / files that are held within SharePoint (“Offie 365")

 

2.       This policy does not cover:

2.1 Information held in non-electronic format

2.2 Data stored locally to PCs / laptops or other end user device

2.3 Data stored on removable media

2.4 Any device / server / file storage area that is not authorised by the IT Manager to be part of the corporate network

Purpose

3.       The purpose of this document is to set out clear guidance on the corporate data backup policies and retention of these backups. 

Introduction

4.       International Workplace Ltd (IWL) collects and processes a diverse range of information for various purposes.  Information is a vital asset that the company is reliant on both for the provision of services and the management of them.

5.       IWL also holds records on behalf of clients via the LMS and eLearning provisioned services.  This information relates to training records and activities and may be considered business critical to clients.

6.       Therefore it is necessary that there is a secure and robust backup framework in place to ensure that in the event of a Disaster Recovery scenario, that data and files can be restored promptly and with minimal loss.

Backup policy

7.       Systems and data will be backed up automatically as per the below schedule:

 

 

System / Platform

Backup Schedule / Retention

Location(s)

KAT II

 Daily full backups retained for 14 days

Daily backups are made to provisioned cloud storage within the EEA

Corporate Website

Daily full backups retained for 14 days

Daily backups are made to provisioned cloud storage within the EEA

LMS and LRS

Daily full backups retained for 14 days

Daily backups are made to provisioned cloud storage within the EEA

Exchange(Office365)

As per standard Microsoft Office 365 backup procedures

As per standard Microsoft Office 365 backup procedures

SharePoint(Office 365)

As per standard Microsoft Office 365 backup procedures

As per standard Microsoft Office 365 backup procedures

 

8.       Additional “one-off” backups will be made of any of the above systems immediately prior to any upgrades / patches / version release or bulk data change in line with the corporate change control policy and will be destroyed upon verification that they are no longer required or after 14 days.

Backup verification

9.       All backups to systems have backup verification tests as part of the process of completing the backup.

10.   Daily the IT department will review the backup log files to ensure all backups have completed successfully and in the event of a failure take immediate remedial action and ensure that a working backup has been taken.

11.   Additional spot check and test restores will be made by the IT department to ensure that the backup files are consistent, contain no corruption and are fit for purpose.

Changes to backup schedule and retention

12.   Any change to the backup schedules or retention periods listed within this document have to be approved and signed off by the Change Advisory Board (CAB) as per the change Control Policy.

13.   Clients may request changes to the standard backup and retention periods.  This will be reviewed on a case by case basis and where applicable incur additional costs to the client for the additional storage required.

Review

14.   All policies and procedures relating to information governance or information security will be reviewed by the Information Governance Working Group annually or when there is a requirement to due to regulatory or other changes.

 

Version 3, updated 01/05/2018