S 6.25 Regular backup of the server hard disk

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

High standards must be set as regards the availability of the data stored on the hard disk of the server since, as a rule, these data are accessed by many users. Regular data backups must provide for reconstruction of all data on the server hard disk which, for instance, are not older than one day (cf. also S 6.32 Regular data backup).

A possible data backup policy is to backup data daily on an incremental basis (i.e. all modified data) and to make a complete backup once a week or once a month. As a minimum, the three-generations principle should be applied (three subsequent data backups are made before overwriting the first).

Documentation must be provided on all backups. As a minimum, the designation (as telling as possible) of the storage medium, the date and the type of data backup (incremental, complete) must be recorded.

Additional controls:

• Have the latest possible backups been made of all data on the hard disk of the server?

• Are generated data backups being documented?

• Is the backup process in conformity with the data backup policy, where established (cf. S 6.13 Development of a data backup policy)?