Skip to content. | Skip to navigation

Advanced Search…
Personal tools
You are here: Home Policies and Standards ISO ISO PS015 Backup of Data

ISO PS015 Backup of Data

Policies and Standards
ISO PS015 Backup of Data
[Previous]  [Next]  [Policy Home]

Policy Name: Backup and Retention of Data
Policy Number: IS PS015
Effective Date: July 23, 2007
Review Date: July 23, 2008
Last Revision Date: July 23, 2007
Last Revision By: Brenda B. Gombosky
Contact Name: Bruce W. Edwards
Contact Email: ISOPolicy@louisville.edu
Approved By: Compliance Oversight Council
Version: 1.0

POLICY:

Regular back-ups are required for all University related data not hosted on University enterprise systems if the data is sensitive, proprietary or needed during the course of normal operations. Back-ups of data must be retained in accordance with University, State or Federal retention guidelines as appropriate for the data being backed-up.

Note: Information Technology conducts regular backs-up of all data stored on enterprise servers.

STANDARDS:

Administrative Standards

General:
Back-ups are an important part of disaster recovery and business continuity planning. Also see IS PS002 Business Continuity Planning and Disaster Recovery.

  • Files containing valuable information must be backed up (note that the University network drives may be utilized for this purpose). Note: University network drive back-ups are maintained for 30 days. Departments, schools or users with longer retention needs are encouraged to contact Information Technology to arrange special requirement back-ups.
  • Back-ups must be performed at regular intervals not less than weekly for all Department, School, Administrative Division or University wide valuable information. Smaller university entities and individuals must back-up valuable information at regular intervals not to exceed monthly (more often if the information changes frequently).
  • Back-ups must be maintained in a secure environment removed from the physical location of the computing device.
  • Back-ups should be encrypted and password protected and must be encrypted if custody of the back-ups is entrusted to a third party (non-UofL personnel) and the back-ups contain sensitive information.
  • Ability to successfully recover back-up files must will be tested periodically, but not less than annually and at the time of any significant hardware or software updates or changes in the system in question.
  • Back-ups must be retained in accordance with University retention guidelines to help the University meet all relevant regulatory or institutional requirements. Please see the University Archives & Records Center web site for more information.

Information Technology Division Computing Operations Centers:

  • Incremental back-ups of enterprise systems must be done daily
  • Full back-ups of enterprise systems must be done weekly.
  • Copies of back-ups must be rotated offsite daily for disaster recovery purposes.
  • Back-ups must be retained for a minimum of 30 days.
  • Backup and recovery must be available for 30 days after deletion.
  • Back-ups must be created for enterprise disaster recovery purposes.
  • Back-ups should not be relied upon for recovery of accidentally deleted files as a matter of routine, although restoration of files accidentally deleted or damaged can be requested by calling the Help Desk at 502-852-7997.
  • Schools, divisions or other users may subscribe to these enterprise class backup services and are billed on a cost recovery basis.

SCOPE / APPLICABILITY:

All persons while conducting/performing work, teaching, research or study activity or otherwise using University resources. Scope/Applicability also includes all facilities, property, data and equipment owned, leased and/or maintained by the University or affiliates.

POLICY AUTHORITY / ENFORCEMENT:

The University's Information Security Officer (ISO) is responsible for the development and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.

POLICY REVIEW:

This policy will be reviewed annually to determine if the policy is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed.

COMPLIANCE:

Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.

REVISION HISTORY:

Version / Revision Date / Description

1.0 / July 23, 2007 / Original Publication

This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.

Approved July 23, 2007 by the Compliance Oversight Council
Shirley C Willihnganz, Executive Vice President and University Provost, Chair of the Compliance Oversight Council

[Next]

Document Actions

10/27/2008
University of Louisville Selects GuardianEdge to Protect Sensitive Data for Faculty, Staff, Doctors and Researchers

  • GuardianEdge, the leader in enterprise endpoint data protection, today announced that the University of Louisville has selected the GuardianEdge Hard Disk Encryption, Smartphone Protection and Device Control solutions to safeguard data for faculty and staff, doctors and researchers. [Click here for more information]

10/20/08
Fourth Annual Cyber-Security Awareness Week was a BIG Success!

08/25/08
Safe computing starts with knowing the rules of the road (InfoSec Bulletin #7 - August 25, 2008)

08/20/07
Information Security Policies
and Standards Approved: