Procedure for Data Backup Protection

Effective Date: July 1, 2011

Date Last Reviewed: January 24, 2020

Issuing Authority: Information Technology Services

The main goal of the enterprise data protection strategy is to protect Temple’s enterprise data by having it backed up to an alternate location away from where the primary data resides. Electronic backups are a business requirement to enable the recovery of data and applications in the case of events such as natural disasters, system disk drive failures, sabotage, ransomware, data entry errors, or system operations errors.

Duplicate disk-based technology is currently deployed to back up the data of all enterprise level systems

The backup solutions reside in the secondary and tertiary backup data centers. It is assumed that enterprise production systems are in the primary data center. At pre-defined time intervals as specified in a backup plan (see below), a backup of the live data will be performed to our storage located in the primary data center. This data represents a point in time and is considered backup data.

For most non-critical systems, backup data and the live data constitute the two locations. Data deemed as mission critical may be replicated between locations using our Storage Area Network (SAN) technology. This guarantees that the data resides in at least two locations in a live production mode as well as at the second location as point-in-time backup data.

For mission-critical data that requires a higher level of protection, data is replicated to the tertiary backup data centers. The use of a replicated data solution is limited to select university mission critical systems, typically defined as Disaster Level Zero (DR0).

Backup services are NOT available as a standalone option. Backup services are bundled with storage services. The bundled storage/backup services can be purchased for a cost. Please contact ios@temple.edu for details.

The purpose of these guidelines is to establish the rules for the backup of electronic information. These guidelines shall be followed by all individuals responsible for the installation and support of technology resources, individuals charged with technology resources security, and data owners.

A backup plan must accompany each technology resource and/or data set being backed up. This plan will include backup frequency, files or file systems to be backed up, backup type (full, incremental, etc.) and retention requirements. Backup requirements must be planned for and in alignment with those requirements associated with storing the live data and based on recovery point objective (RPO) and recovery time objective (RTO). By default, data backups will be retained for 30 days for all systems. After that, backup data will no longer be available for retrieval.

Technology resources and data owners are required to keep the Infrastructure Operations Security (IOS) organization advised as changes are necessary. Technology resources and data owners are responsible for data backup validation and testing recovery. IOS will NOT be responsible for corrupt or incomplete data backups.