Sustainability Wing

Daffodil International University

Data Backup Policy and Security

Subject: Data Backup Policy and Security
Policy No: 001
Date Adopted: 14-05-2018


I. PURPOSE
The purpose of this policy is to outline the requirements for performing periodic backups of university systems, applications, and data to ensure they are adequately preserved and protected in the event of accidental deletion, data corruption, system failure, or disaster.


II. ACCOUNTABILITY
Under the direction of the management of DIU, Software, IT and Web shall implement and ensure compliance with this policy. The concerned members of the respective section will implement this policy.


III. APPLICABILITY
This policy applies to any DIU faculty member, staff member, student, part-time employee, outside vendor, or visitor to campus ("User") who processes and/or stores University data.


IV. DEFINITIONS
1. Availability – the expectation that information is accessible by DIU when needed.
2. Confidentiality – the expectation that only authorized individuals, processes, and systems will have access to DIU information.
3. Integrity – the expectation that DIU's information will be protected from improper, unauthorized, destructive, or accidental changes.
4. DIU Community – faculty members, administrative employees, non-employees, students, contractors, accounts, exam, legal agent, and any other third parties of DIU.


V. POLICY

1. One of the most critical functions an IT organization can undertake is ensuring that a structured and highly formalized data backup policy and procedures are in place. Backups are a must for any organization, especially considering today's growing regulatory compliance landscape and the ever-increasing cyber security threats that educational institutes face on a daily basis. A well thought out, efficient, and reliable backup and recovery strategy is essential for ensuring the confidentiality, integrity, and availability of critical data.

2. The University requires that all University data is backed up according to the following best practices:
a) All University systems, applications and data must be backed up on a technically practicable schedule suitable to the criticality, integrity, and availability requirements, as defined by the data owner.
b) Retention period of backups should be proportionate to the criticality, integrity, and availability needs of the data. At a minimum, backup copies must be retained for 30 days, when appropriate.
c) Records must be kept detailing the backup environment (what data is backed up and where it is backed up).
d) Backup schedules must be maintained and periodically reviewed.
e) Backups of confidential or sensitive information will be encrypted.
f) All University data should have at least three fully recoverable backup versions stored in a secure, geographically diverse location from the primary location of the data.
g) Recovery procedures for the restoration of data must be kept up to date.
h) Backup and recovery documentation must be maintained and periodically reviewed and updated to account for new technology, professional changes, and migration of applications to alternative platforms.
i) Backup media or devices must be clearly labeled.
3. Non-Compliance and Sanctions: Violations of this policy may subject the violator to disciplinary actions by the university.