KING SAUD UNIVERSITY - جامعة الملك...
VERSION 1.1
INTERNAL USE ONLY
BACKUP & RESTORATION
PROCEDURE
KING SAUD UNIVERSITY
DEANSHIP OF ETRANSACTIONS & COMMUNICATION
BACKUP & RESTORATION PROCEDURE
ISMS/A.10.3/BR/PRO/ V1.1 Page 2 of 18 Internal Use Only
REVISION HISTORY
Sr. No. | Date of Revision | Ver. | Validity | Description of change | Reviewed By | Approved By
1 | 18/03/12 | 1.0 | One Year | Initialization | Nasser A. Ammar | Dr. Mohammed A Alnuem
2 | 02/03/13 | 1.1 | One Year | Department Ownership Changed | Mr. Toqeer Ahmad | Mr. Mohammed A. Alsarkhi
3 | 05/03/13 | 1.1 | One Year | No Change | Mr. Toqeer Ahmad | Mr. Mohammed A. Alsarkhi
DISTRIBUTION LIST
Sr. No | Version Number | Name | Designation | Department
PREPARED BY | REVIEWED BY | APPROVED BY
ALTAMASH SAYED | NASSER A. AMMAR | DR. MOHAMMED A ALNUEM
TABLE OF CONTENTS
1. PURPOSE
2. SCOPE
3. RELATED POLICIES AND PROCEDURES
4. PROCEDURE ENFORCEMENT / COMPLIANCE
5. DOCUMENT OWNER
6. ROLES & RESPONSIBILITY
7. INVOCATION
8. BACKUP PROCEDURE FLOWCHART
9. BACKUP PROCEDURE DETAILS
10. RESTORATION PROCEDURE FLOWCHART
11. RESTORATION PROCEDURE DETAILS
12. ANNEXURE
12.1 FORM
12.2 RECORD
1. PURPOSE
The purpose of Backup and Restoration Procedure is to establish an effective way for the backup
and restoration process adopted by King Saud University - eTransactions & Communication
Deanship.
The data of King Saud University - eTransactions & Communication Deanship is a valuable asset
which could be lost or destroyed by intentional/unintentional actions. Therefore, it is crucial to
safeguard ETC Deanship Department assets by implementing a backup and restore procedure which
will define the required actions to protect ETC Deanship's data.
2. SCOPE
This procedure applies to King Saud University (KSU) - eTransactions & Communication (ETC)
Deanship and all parties, its affiliated partners or subsidiaries, including data processing and process
control systems, that are in possession of or using information and/or facilities owned by KSU-ETC
Deanship.
This procedure applies to all staff/ users that are directly or indirectly employed by KSU-ETC
Deanship, subsidiaries or any entity conducting work on behalf of KSU that involves the use of
information assets owned by ETC Deanship.
3. RELATED POLICIES AND PROCEDURES
Backup Policy
Communications and Operations Management Policy
Change Management Policy
Change Management Procedure
4. PROCEDURE ENFORCEMENT / COMPLIANCE
Compliance with this procedure is mandatory and ETC Deanship managers shall ensure continuous
compliance monitoring within their departments. Compliance with the statements of this procedure
is a matter of periodic review by the Risk & Information Security Department, and any violation of the
procedure will result in corrective action by the ISMS Steering Committee.
Disciplinary action will depend on the severity of the violation, which will be determined by the
investigations. Actions such as termination or others as deemed appropriate by ETC Management
and the Human Resources Department will be taken.
5. DOCUMENT OWNER
ISMS Manager
6. ROLES & RESPONSIBILITY
Each role involved in this procedure shall have main responsibilities as follows:
1. ISMS Manager
Evaluating and approving backup and restoration plan according to KSU-ETC Deanship's
business needs, considering security and requirements.
Informing requester about the results and status of the backup request, backup plan
evaluation and approval.
2. Backup Requester / Asset Owners
Initiating backup or restoration request and filling up the request form.
Coordinating with respective ETC Deanship Department to prepare the request.
3. ETC Deanship Department
Evaluating technical requirement of backup in terms of backup frequency, data size, offsite
storage, retention and restore.
Developing backup plan in terms of backup scope, frequency, type, mechanism, storage
location, retention period, encryption, media labeling and media destruction.
Planning and performing all activities required for backup and restoration procedures (e.g.
obtain, prepare the backup media and prepare systems for the backup/ restoration).
Maintaining accurate records of backup and restoration procedures details and components.
Evaluating the backup and restore requests according to ETC deanship's business and
security needs.
Determining the criticality of restore process.
Agreeing and reviewing with Backup Requester / Asset Owners in all details of backup and
restoration with regard to information security.
Ensuring that the backup and restoration procedure is properly implemented.
7. INVOCATION
This procedure shall be followed whenever there is:
BACKUP INVOCATION:
Request for Backup
If there is a business need to back up any information, a request must be initiated; and this
procedure will be triggered.
Emergency Backup Request / Disaster Response
In the event of an urgent change or disaster, an emergency backup request shall be initiated; and
this procedure will be triggered.
Conditional Backup Request (Change Request / Patch Implementation)
If there is a change in any information system or a patch needs to be implemented, a backup
request shall be initiated in order to roll back the information system to the previous status in
case of any unexpected failure / disaster caused by that change.
Periodic Backup Plan
If there is a periodic backup request, this procedure shall be invoked.
RESTORE INVOCATION:
Regular Restoration Request
If there is a business need to restore any information, a request will be initiated; and this
procedure will be triggered.
Emergency Restore
In the event of a disaster, an emergency restoration request will be initiated; and this
procedure will be triggered.
Periodic Backup Restoration Testing
To ensure that the backup scheme is working as expected, restoration testing shall be
initiated on a periodic basis.
8. BACKUP PROCEDURE FLOWCHART
[Flowchart: Backup Procedure. Swimlanes: Backup Requester / Asset Owners; ETC Deanship Department; ISMS Manager. Steps: Backup Request Received (Step 1.a); Automated Backup (Step 1.b); Evaluate Business and Security Requirements (Step 2); Evaluate Technical Needs & Approve Backup Plan (Step 3, decision: Accept / Reject); Backup Process / Verification (Step 4); Restore Test (Step 5, decision: Successful Yes / No); Inspect Log and Take Corrective Action (Step 6); Media Storage (Step 7); Inform Requester (Step 8). Records: Backup Request, Backup and Restoration Log.]
9. BACKUP PROCEDURE DETAILS
STEP 1.A: BACKUP REQUEST RECEIVED
Responsibility: Backup Requester / Asset Owners
Input: Backup Request Form
Actions:
Backup Requester / Asset Owners will identify backup needs and fill out the backup request form.
Proceed to step 2.
Output:
Backup Request Form
Backup Business Needs Identification
STEP 1.B: AUTOMATED BACKUP
Responsibility: Backup Requester / Asset Owners
Input: Automated Backup
Actions:
Automated backup is scheduled.
Proceed to step 4.
Output: Backup Business Needs Identification
STEP 2: EVALUATE BUSINESS NEEDS
Responsibility: ETC Deanship Department
Input:
Backup Request Form
Backup Business Needs Identification
Actions:
Once the backup request form is initiated, the department will evaluate the request according to business and security needs and then send it to the ISMS Manager for assessment.
Proceed to step 3.
Output: Backup Request Form with Business and Security Requirements
STEP 3: EVALUATE TECHNICAL NEEDS / BACKUP PLAN
Responsibility: ISMS Manager
Input:
Backup Request Form with Business and Security Requirements
Backup Plan
Actions:
Determine technical requirements, dependencies and limitations to perform a backup job once or maintain a periodic backup plan.
With the participation of the ETC Department Asset Owners, a backup plan will be developed, which consists of the following:
Backup scope: what type of information / data needs backup (e.g. databases, network settings, file system, etc.).
Backup frequency: the intervals at which backups will be taken (taking into consideration the criticality / availability factors).
Backup type: full, incremental or online.
Backup mechanism: automatic or manual.
Backup storage location: the storage for the backup media should be in a secure location on-site / off-site, in different zones if possible, taking into consideration the criticality / availability factors.
Backup retention period: establish the retention period for the backup media.
Backup encryption: agree whether encryption is required, and for which data.
Media labeling: agree on a labeling scheme.
Media destruction: agree on a media disposal process.
Once the plan has been determined, the ISMS Manager will evaluate the plan and decide on approval:
If the plan is approved, proceed to step 4.
If the plan is rejected, inform the requester and go to step 8.
Output:
Backup Form with Technical Requirements
Backup Plan
Approved / Rejected Backup Plan
STEP 4: BACKUP / PROCESS VERIFICATION
Responsibility: ETC Deanship Department
Input: Approved Backup Plan
Actions:
The respective department will start the backup process, prepare the environment and perform the backup on systems / network devices.
The backup process will be validated to confirm that the process succeeded and that no problems were encountered by the Backup Administrator.
Proceed to step 5.
Output: System / Network Backup
STEP 5: RESTORE TEST
Responsibility: ETC Deanship Department
Input: System / Network Backup
Actions:
The respective department will perform a restore test in a test environment to verify that the backup can be restored successfully and meets the requester's expectations.
If it is successful, go to step 7.
If it is unsuccessful, go to step 6 to analyze the issue and then go to step 4 and re-perform the backup if required.
Output: Successful / Unsuccessful Restore Test
STEP 6: INSPECT BACKUP LOG
Responsibility: ETC Deanship Department
Input: Unsuccessful Backup / Test
Actions:
In case of an unsuccessful backup process, the respective department will inspect the backup logs to detect errors, and corrective actions will be taken.
Go back to step 4 to retry the backup process.
End the process and inform the requester if it has failed several times.
Update the backup and restoration log.
Output:
Backup Inspection Results
Corrective Actions
Updated Backup and Restoration Log
STEP 7: MEDIA STORAGE
Responsibility: ETC Deanship Department
Input: Successful Backup Process
Actions:
The respective department will store the backup media as per the “Backup Policy”.
The respective department will update the backup record and restoration log.
End of procedure.
Output:
Successful Backup Media Process and Storage
Updated Backup and Restoration Log
STEP 8: INFORM REQUESTER
Responsibility: ETC Deanship Department
Input:
Rejected Backup Plan
Unsuccessful Backup Process
Actions:
Once the request has been rejected, the ISMS Manager will inform the requester, with justification.
Add a notification / update the request status.
End the process if the request is rejected / the process is completed.
Output:
Approved / Rejected Backup Request
Requester Updated with Request Evaluation and Approval Status
10. RESTORATION PROCEDURE FLOWCHART
[Flowchart: Restoration Procedure. Swimlanes: Restoration Requester / Asset Owners; ETC Deanship Department; ISMS Manager. Steps: Notify ICT Infrastructure Manager (Step 1); Evaluate Technical Needs and Approve Overall Request (Step 2); Restoration Preparation (Step 3, decision: Type? Regular / Emergency); Restore to Test Environment (Step 4); Restore Verification (Step 5, decision: Successful Yes / No); Implement Restoration (Step 6, decision: Successful Yes / No); Process Completion (Step 7); Inspect Logs & Correct Errors (Step 8). Records: Backup and Restoration Log.]
11. RESTORATION PROCEDURE DETAILS
STEP 1: NOTIFY ISMS MANAGER
Responsibility: Restoration Requester / Asset Owners
Input: Business Need for Restoration
Actions:
The requester will complete the restoration request form and send it to the ISMS Manager for evaluation.
Proceed to step 2.
Output: Restoration Business Needs Identification
STEP 2: EVALUATE TECHNICAL NEEDS AND APPROVE OVERALL REQUEST
Responsibility: ISMS Manager
Input:
Restoration Request Form
Restoration Business Needs Identification
Actions:
The ISMS Manager will evaluate the restoration request from a technical point of view and send it to step 3.
Output: Restoration preparation
STEP 3: RESTORATION PREPARATION
Responsibility: ETC Deanship Department
Input: Approved Restoration Request Form
Actions:
The respective ETC department will prepare the storage media / environment for restoration.
Prepare systems / network devices for restoration.
If the restoration request is an emergency, jump to step 6.
If the restoration request is regular, proceed to step 4.
Output: Prepared System and Storage Media
STEP 4: RESTORE TO TEST ENVIRONMENT
Responsibility: ETC Deanship Department
Input: Prepared System and Storage Media
Actions:
The respective ETC department will perform the restoration of the system / network devices in a test environment.
Proceed to step 5 to verify the results with the requester.
Output: Test Restoration Process Results
STEP 5: TEST RESTORATION VERIFICATION
Responsibility: ETC Deanship Department
Input: Test Restoration / Restore Implementation Process Results
Actions:
The requester will confirm that the test / implementation process succeeded, that the data is restored completely and that the restored data is as expected.
If the process is successful, proceed to step 6 to perform the restoration.
If the process is unsuccessful, go back to step 4 to re-test the restoration.
Output: Successful / Unsuccessful Test Restoration Process Results
STEP 6: IMPLEMENT RESTORATION
Responsibility: ETC Deanship Department
Input:
Test Restoration Verification
Emergency Restoration Request
Actions:
The respective ETC department will perform / implement the restoration on the requested production system / devices:
If the restoration is successful, proceed to step 7.
If the restoration is unsuccessful, proceed to step 8.
Output: Implementation of Restoration
STEP 7: PROCESS COMPLETION
Responsibility: ETC Deanship Department
Input: Restoration Process Completion Verification
Actions:
The respective ETC department will update the backup and restoration log.
Output:
Updated Backup and Restoration Log
Closed / Updated Restoration Request Form
STEP 8: INSPECT LOG AND CORRECT ERRORS
Responsibility: ETC Deanship Department
Input: Unsuccessful Restoration Process on System / Network Devices
Actions:
In case of an unsuccessful restoration process, the concerned department will inspect the logs to detect errors, and corrective actions will be taken.
Proceed to step 6 to retry the restoration process.
End the process and inform the requester if it has failed several times.
Update the backup and restoration log.
Output:
Corrective Actions
Backup and Restoration Log
Updated Restoration Request Form
12. ANNEXURE
12.1 FORM
SECTION A: BACKUP / RESTORE REQUEST
System Name / Label:
System ID:
Request Purpose & Description:
Data Description:
Requester Name:   Signature:
Tel #:   Department:   Email:   Location:
Supervisor Name:   Signature:
Approved / Not Approved   Comments:
SECTION B: BACKUP PLAN
Type of Backup: Periodic / planned | Emergency | Conditional (Change Request / Patch Management / Other)
Backup Priority: Critical | High | Medium | Low
Backup Test: Yes (Details:) | No (Reason:)
Planned Backup Media Storage Location: On Site (Location:) | Offsite (Location:)
Backup Frequency: Daily | Weekly | Monthly | Other
Backup Type: Full | Incremental | Differential | Other
Backup Time (Optional): Date Start: / /   Date Finish: / /   Time Start:   Time Finish:
SECTION C: RESTORE PLAN
Type of Restore: Periodic Test | Emergency | Conditional (Change Request / Patch Management / Other)
Restore Priority: Critical | High | Medium | Low
Restore Test: Yes (Details:) | No (Reason:)
Planned Restore Media Storage Location: On Site (Location:) | Offsite (Location:)
Restore Reason: System Fault | Human error | Incident / Disaster | Other
Other Details:
Restore Time (Optional): Date Start: / /   Date Finish: / /   Time Start:   Time Finish:
RESTORE DOWNTIME (OPTIONAL): Yes (need signatures) | No
Downtime Duration: Days:   Time:   Start Date:   Time:   Finish Date:   Time:
Downtime Approval: Owner Name:   Signature:
AFFECTED DEPARTMENT WHICH MUST BE NOTIFIED PRIOR TO THE RESTORE
Department Name | Director Name | Signature
BACKUP / RESTORE TESTING
Test Plan Prepared: Yes | No
Test Performed in Test Environment: Yes | No
Test Result: Successful | Not Successful
If Not Successful: Cause:   Recommendation:
ROLLBACK / RECOVERY PLAN
Plan Prepared: Yes | No
Plan Initiated Due to Restore Failure: Yes | No
Plan Initiated Result: Successful | Not Successful
If Not Successful: Cause:   Recommendation:
ADDITIONAL REQUIREMENT
Technical / Support Documentation: Yes | No
Vendor staff required in Computer Room: Yes (attach access request form) | No
Implementation Plan attached: Yes | Not Required
Drawing required and approved: Yes | Not Required
SECTION D: ISMS MANAGER APPROVAL
Department Name | Director Name | Approval (Yes / No) | Signature
12.2 RECORD
BACKUP AND RESTORATION LOG
No. | Date | System / Application Name | Backup Type | Restoration Type | Starting Time | Finishing Time | Status (Backup / Restoration) | Person Name | Signature | Remarks