This policy will help you implement the backup environment that is appropriate for your company. It factors in onsite, remote, and cloud operations and covers issues such as storage capacity, network bandwidth, and access controls.

From the policy:
Summary
Technological advancements in recent years have provided great advantages by offering diverse tools, software, and platforms that generate operational flexibility. It has also led to some complex challenges: keeping track of massive amounts of data in disparate locations, under various user controls, and accessed via different types of devices both personally and company-owned. Shadow IT has also played a factor in adding to this complexity; data is not always under organizational control, and in some cases the IT department may not even be aware it exists.

To enable business continuity in the event of data loss/corruption, human error, and natural or man-made disasters, the organization must regularly back up all data needed for business operations and ensure the restore processes involved are sound.

Critical elements of a successful data backup policy are based on identifying key staff responsible for administering and maintaining the backup environment (hereafter referred to as the backup team), understanding what should be backed up, when and where it will be backed up, how often it will be backed up, how long backups should be kept, and confirming the success of all those operations.

Scope
All employees, including full-time, part-time, contract workers, consultants, interns, temporary workers, and other personnel, are covered by this policy. It also applies to all company-owned equipment or material related thereto.

Exceptions
There are no exceptions to this policy except where permitted in writing by the IT department, backup team, and/or Office of Security.