End user data backup policy
September 21, 2020
Data without an associated backup is only as reliable as the system upon which it is stored—and every system has a finite lifespan or may be susceptible to malware or hacking efforts. This policy offers guidelines for implementing manageable and reliable backups for user data.
From the policy:
When end users utilize systems—whether workstations, laptops, or mobile devices—to access, work on, and store company data, the loss or failure of those devices can put data at risk. Productivity, operations, and company reputation can be placed in jeopardy as well.
To protect itself, its employees, and its business activities, every organization should make regular backups of all end-user data stored on its systems, whether company-provided or employee-owned.
IT STAFF RESPONSIBILITIES
IT staff will perform the following tasks:
Designate appropriate network-based home or local directories (to be referred to as “protected directories” for users to store data on workstations that will be backed up, either through direct means via backup software, synchronization tools, or cloud storage.
Ensure sufficient allocation of space and application of appropriate permissions on these protected directories.
Implement and maintain a centralized backup system or official configuration that covers protected directories and devices. It should also include all other aspects of end-user data, such as messaging systems, databases, and instant messaging information. This backup system may be local (in-house, such as a data center) or external (such as in cloud storage provided by Box or Dropbox).
Establish a mobile device data backup method, such as using cloud storage like Google Drive or iCloud. See Tech Pro Research’s Cloud data storage policy for further information pertaining to this and other cloud storage-related endeavors. If cloud storage is prohibited by regulation or policy, the IT department will train users on how to download data from their mobile devices to protected directories on a periodic basis.
Ensure the backup of any data required by law and data required to recover from any type of disaster.