Policy
Liberty University Information Services (LUIS) will provide policy-based, system level, network-based backups of IT systems.1
Standards
Information system owners must ensure that adequate backup and system recovery procedures are in place.2
Information stored on laptops or portable computers must be backed up regularly. It is the responsibility of the user that this takes place on a regular basis.3
Backup of the university’s data files and the ability to recover such data is a top priority. Management is responsible for ensuring that the frequency of such backup operations and the procedures for recovery meet the needs of the university. 2
The storage media used for the archiving of information must be appropriate to its
expected longevity. The format in which the data is stored must be carefully considered, especially where proprietary formats are involved.2
Management must ensure that safeguards are in place to protect the integrity of data files during the recovery and restoration of data files; especially where such files may replace more recent ones.4
Backups of LUIS servers and data must be retained such that server operating systems and applications are fully recoverable; any exceptions to this policy must be approved by the system owner and the information security office. This may be achieved using a combination of snapshot copies, incremental backups, differential backups, transaction logs, or other techniques.
Scope
All University Students, Faculty, Staff.
Purpose
The purpose of this policy is to safeguard the University’s information assets, prevent loss of data due to accidental deletion or corruption, and to facilitate timely restoration of information and business process should a system failure occur.
Business Information and services are a vital part of any organization and should be protected. Simply saving information is not enough; performing backups of all information within LUIS will help prevent business down time and/or loss of data and services. Failure due to computer malfunction, human error, and natural disasters could cause interruptions that are unrecoverable without adequate backups.
Definitions
Backup - The procedure for making extra copies of information stored on servers and computers in case the original is lost or damaged.
Restore - The process of returning to the former condition using a backup
System Owners - Manager or departmental head responsible for operation and maintenance of a University IT system or overseeing hosted systems under their purview.
National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) - provides a policy framework of computer security guidance for how private sector organizations in the United States can access and improve their ability to prevent, detect and respond to cyber attacks.
International Organization for Standardization (ISO) 27000 - part of the system for worldwide standardization
References
ISO/IEC 27001 2013 (More information available upon request)
6.2.1 Mobile device policy (ISO Policy 030602)
8.2.3 Handling of assets (ISO Policy 030606)
12.3.1 Information backup (ISO Policy 030601, 030603-030306)
NIST 800-53: More information here
CP-6 Alternative Storage Site
CP-9 Information System Backup
CP-10 Information System Recovery and Reconstitution
1 NIST 800-53: CP-6, CP-9, CP-10
2 ISO 27000: 12.3.1
3 ISO 27000: 6.2.1
4 ISO 27000: 8.2.3
August 22, 2018