Data Backup Policy

1.0 Purpose

The purpose of this policy is to maintain the data integrity and availability of FinGoal resources to prevent loss of data and to facilitate the restoration of resources and business processes.

2.0 Scope

This policy applies to all members of the FinGoal team including employees, contractors, and temporary workers.

3.0 Policy

3.1 Main Objectives

Incremental backups of critical FinGoal data shall be performed every 24 hours to ensure rapid recovery per the FinGoal 24 hour Recovery Point Objective.
An inventory of backups must be maintained.
A backup restore must be performed periodically to validate the RPO and RTO defined by FinGoal’s Business Continuity Plan.

3.2 Backup Modes

Network file storage is the preferred backup mode.
Files may be copied to once-writeable (CDs, DVDs) media or rewritable storage media (hard disks, other magnetic media, and flash memory devices) only with approval from the CISO or another member of the FinGoal leadership team.
Every device or file should utilize a password so all information is protected. Protected information must be encrypted.

3.3 Backup Procedures

Backup procedures and policies are developed for two purposes, disaster recovery and file recovery. In the event of a catastrophe, due to a physical disaster, personnel error, or other misfortune, reliable backups must provide timely and accurate restoration of all functions of the organization. Individual file recovery may be required to restore programs, information or other data that has become corrupted or inadvertently removed.

Backup procedures for all servers must be approved by the CISO or another member of the FinGoal leadership team. Procedures must include an appropriate time schedule, media description, storage, documentation, and testing process.
Knowledge of the backup location and access to the site should be limited to a few key people within the organization, but at least two individuals should have access to the facility. In addition, the access should be documented and given to a senior administrator outside of the technology team.
An individual outside of the technology team will audit all backup procedures regularly to insure that backups are taking place as outlined in the policy.

4.0 Compliance

Staff members found in policy violation may be subject to disciplinary action, up to and including termination.