Policy

Liberty University Information Services (LUIS) will provide policy-based, system level, network-based backups of IT systems.1

 

Standards

Information system owners must ensure that adequate backup and system recovery procedures are in place.2

Information stored on laptops or portable computers must be backed up regularly. It is the responsibility of the user that this takes place on a regular basis.3

Backup of the university’s data files and the ability to recover such data is a top priority. Management is responsible for ensuring that the frequency of such backup operations and the procedures for recovery meet the needs of the university. 2

The storage media used for the archiving of information must be appropriate to its

expected longevity. The format in which the data is stored must be carefully considered, especially where proprietary formats are involved.2

Management must ensure that safeguards are in place to protect the integrity of data files during the recovery and restoration of data files; especially where such files may replace more recent ones.4

Backups of LUIS servers and data must be retained such that server operating systems and applications are fully recoverable; any exceptions to this policy must be approved by the system owner and the information security office. This may be achieved using a combination of snapshot copies, incremental backups, differential backups, transaction logs, or other techniques.

 

Scope

All University Students, Faculty, Staff.

 

Purpose

The purpose of this policy is to safeguard the University’s information assets, prevent loss of data due to accidental deletion or corruption, and to facilitate timely restoration of information and business process should a system failure occur.

Business Information and services are a vital part of any organization and should be protected. Simply saving information is not enough; performing backups of all information within LUIS will help prevent business down time and/or loss of data and services. Failure due to computer malfunction, human error, and natural disasters could cause interruptions that are unrecoverable without adequate backups.

 

Definitions

Backup - The procedure for making extra copies of information stored on servers and computers in case the original is lost or damaged.

Restore - The process of returning to the former condition using a backup

System Owners - Manager or departmental head responsible for operation and maintenance of a University IT system or overseeing hosted systems under their purview.

National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) - provides a policy framework of computer security guidance for how private sector organizations in the United States can access and improve their ability to prevent, detect and respond to cyber attacks.

International Organization for Standardization (ISO) 27000 - part of the system for worldwide standardization

 

References

ISO/IEC 27001 2013 (More information available upon request)

6.2.1 Mobile device policy (ISO Policy 030602)

8.2.3 Handling of assets (ISO Policy 030606)

12.3.1 Information backup (ISO Policy 030601, 030603-030306)

NIST 800-53: More information here

CP-6 Alternative Storage Site

CP-9 Information System Backup

CP-10 Information System Recovery and Reconstitution

 

NIST 800-53: CP-6, CP-9, CP-10

ISO 27000: 12.3.1

ISO 27000: 6.2.1

ISO 27000: 8.2.3

August 22, 2018