We are currently reviewing our backup policy and I am wondering what other people do. Currently we do a monthly backup on Monday and Tuesday to Friday we do a weekly backup. The Monday disks go to a safe in the accounts department and the Tuesday to Friday disks will go home with an IT staff member.
The main bone of contention is the taking home of disks as the Director of ICT doesn't think it is fair on us to take them home in case of theft etc. We have talked about placing a backup server somewhere else on the site but there is debate over what is considered far enough away.
Anyone have any thoughts on this?
We have a 2 hour Data rated fire safe on the other side of the building, which is in a cupboard on its own. All backups are stored in here, none go off site.
We were told by audit not to take backups off site as this puts the data at risk from theft, loss etc (?!?) This was mainly talking about MIS and Financial data, they did not really care about students files.
I have also previously been told not to rely on fire proof safes because in a serious fire, the tapes may well survive, but the chances of being allowed anywhere near it to retrieve them by the fire officers is slim.
This did not leave us many options but we do have a large site so we send key data to an offsite backup via the internet (MIS data etc.) and everything else is copied to a backup SAN in the furthest building from the building the servers are in.
We do a full backup once a week and incrementals every evening so in theory we just need the full and the latest incremental to get everything back. The Backup SAN has enough disk space to keep the full backup for at least a month, but we also make sure that the MIS backups go back further than this.
We also take advantage of volume shadow copy to try and keep replace / deleted student files for as long as possible.
We do full backups Monday to Thursday, then have five sets of Friday tapes which are rotated. All kept in a safe in another block.
When I started here the safe was directly next to the servers, which was a bit stupid, really.
Taking backup data off-site is reasonable if it will be stored securely whilst off-site, is encrypted on backup and is carefully audited / logged. Also check with your insurers about what they have to say about taking data off-site as they may have criteria which have to be met to be able to claim on insurance should the worst happen.
We are on a large site so we have thought about putting a backup server somewhere other than the network office but we aren't sure how far away is considered far enough. The schools test condition is a plane hitting the site, so probably needs to be far off site.
Thanks for the responses :)
TBH with a plane hitting the site your pretty screwed!
Originally Posted by Reaper
We backup to a seperate building on site for our daily/weekly backups, and then in another building on site we have disk machine with our monthly backups on.