KING SAUD UNIVERSITY - جامعة الملك...


Page 1: KING SAUD UNIVERSITY - جامعة الملك سعودetc.ksu.edu.sa/sites/etc.ksu.edu.sa/files/ksu_etc_isms_pro_backup...and restoration process adopted by King Saud University ...

VERSION 1.1

INTERNAL USE ONLY

BACKUP & RESTORATION PROCEDURE

KING SAUD UNIVERSITY

DEANSHIP OF ETRANSACTIONS & COMMUNICATION


BACKUP & RESTORATION PROCEDURE

ISMS/A.10.3/BR/PRO/ V1.1 Page 2 of 18 Internal Use Only

REVISION HISTORY

| Sr. No. | Date of Revision | Ver. | Validity | Description of change | Reviewed By | Approved By |
|---|---|---|---|---|---|---|
| 1 | 18/03/12 | 1.0 | One Year | Initialization | Nasser A. Ammar | Dr. Mohammed A Alnuem |
| 2 | 02/03/13 | 1.1 | One Year | Department Ownership Changed | Mr. Toqeer Ahmad | Mr. Mohammed A. Alsarkhi |
| 3 | 05/03/13 | 1.1 | One Year | No Change | Mr. Toqeer Ahmad | Mr. Mohammed A. Alsarkhi |

DISTRIBUTION LIST

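| Sr. No | Version Number | Name | Designation | Department |
|---|---|---|---|---|
| 1 | | | | |
| 2 | | | | |
| 3 | | | | |

| PREPARED BY | REVIEWED BY | APPROVED BY |
|---|---|---|
| ALTAMASH SAYED | NASSER A. AMMAR | DR. MOHAMMED A ALNUEM |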


TABLE OF CONTENTS

1. PURPOSE
2. SCOPE
3. RELATED POLICIES AND PROCEDURES
4. PROCEDURE ENFORCEMENT / COMPLIANCE
5. DOCUMENT OWNER
6. ROLES & RESPONSIBILITY
7. INVOCATION
8. BACKUP PROCEDURE FLOWCHART
9. BACKUP PROCEDURE DETAILS
10. RESTORATION PROCEDURE FLOWCHART
11. RESTORATION PROCEDURE DETAILS
12. ANNEXURE
    12.1 FORM
    12.2 RECORD


1. PURPOSE

The purpose of the Backup and Restoration Procedure is to establish an effective backup and restoration process for King Saud University - eTransactions & Communication Deanship.

The data of King Saud University - eTransactions & Communication Deanship is a valuable asset which could be lost or destroyed by intentional or unintentional actions. It is therefore crucial to safeguard ETC Deanship Department assets by implementing a backup and restore procedure that defines the actions required to protect ETC Deanship's data.

2. SCOPE

This procedure applies to King Saud University (KSU) - eTransactions & Communication (ETC) Deanship and to all parties, affiliated partners or subsidiaries, including data processing and process control systems, that are in possession of or using information and/or facilities owned by KSU-ETC Deanship.

This procedure applies to all staff / users that are directly or indirectly employed by KSU-ETC Deanship, its subsidiaries, or any entity conducting work on behalf of KSU that involves the use of information assets owned by ETC Deanship.

3. RELATED POLICIES AND PROCEDURES

- Backup Policy
- Communications and Operations Management Policy
- Change Management Policy
- Change Management Procedure

4. PROCEDURE ENFORCEMENT / COMPLIANCE

Compliance with this procedure is mandatory, and ETC Deanship managers shall ensure continuous compliance monitoring within their departments. Compliance with the statements of this procedure is subject to periodic review by the Risk & Information Security Department, and any violation of the procedure will result in corrective action by the ISMS Steering Committee.

Disciplinary action will depend on the severity of the violation, which will be determined by the investigations. Actions such as termination, or others as deemed appropriate by ETC Management and the Human Resources Department, will be taken.


5. DOCUMENT OWNER

ISMS Manager

6. ROLES & RESPONSIBILITY

Each role involved in this procedure shall have the following main responsibilities:

1. ISMS Manager

- Evaluating and approving the backup and restoration plan according to KSU-ETC Deanship's business needs, considering security and requirements.
- Informing the requester about the results and status of the backup request, backup plan evaluation and approval.

2. Backup Requester / Asset Owners

- Initiating the backup or restoration request and filling in the request form.
- Coordinating with the respective ETC Deanship Department to prepare the request.

3. ETC Deanship Department

- Evaluating the technical requirements of the backup in terms of backup frequency, data size, offsite storage, retention and restore.
- Developing the backup plan in terms of backup scope, frequency, type, mechanism, storage location, retention period, encryption, media labeling and media destruction.
- Planning and performing all activities required for backup and restoration procedures (e.g. obtaining and preparing the backup media, and preparing systems for the backup / restoration).
- Maintaining accurate records of backup and restoration procedure details and components.
- Evaluating backup and restore requests according to ETC Deanship's business and security needs.
- Determining the criticality of the restore process.
- Agreeing on and reviewing with the Backup Requester / Asset Owners all details of backup and restoration with regard to information security.
- Ensuring that the backup and restoration procedure is properly implemented.


7. INVOCATION

This procedure shall be followed whenever there is:

BACKUP INVOCATION:

- Request for Backup: If there is a business need to back up any information, a request must be initiated, and this procedure will be triggered.
- Emergency Backup Request / Disaster Response: In the event of an urgent change or disaster, an emergency backup request shall be initiated, and this procedure will be triggered.
- Conditional Backup Request (Changes Request / Patch Implementation): If there is a change in any information system or a patch needs to be implemented, a backup request shall be initiated so that the information system can be rolled back to its previous status in case of any unexpected failure / disaster caused by that change.
- Periodic Backup Plan: If there is a periodic backup request, this procedure shall be invoked.

RESTORE INVOCATION:

- Regular Restoration Request: If there is a business need to restore any information, a request will be initiated, and this procedure will be triggered.
- Emergency Restore: In the event of a disaster, an emergency restoration request will be initiated, and this procedure will be triggered.
- Periodic Backup Restoration Testing: To ensure that the backup scheme is working as expected, restoration testing shall be initiated on a periodic basis.


8. BACKUP PROCEDURE FLOWCHART

[Flowchart: Backup Procedure]

Legend: Start / End (start and end of the procedure); Log/Record (storage to file); Form (document / form); Reference to another procedure (another related procedure); Step (an activity / step); numbered connector (follow to step no.); Input/Output (input or output information); Decision (a decision in a procedure); flow of 2 or more different decisions.

Swimlanes: Backup Requester / Asset Owners; ETC Deanship Department; ISMS Manager.

Flow elements: Start; Backup Request; Step 1.a Backup Request Received; Step 1.b Automated Backup; Step 2 Evaluate Business and Security Requirements; Step 3 Evaluate Technical needs & Approve Backup Plan (Decision: Accept / Reject); Step 4 Backup Process / Verification; Step 5 Restore Test (Successful: Yes / No); Step 6 Inspect Log and take corrective action; Step 7 Media Storage; Step 8 Inform Requester; Backup and Restoration Log; End.


9. BACKUP PROCEDURE DETAILS

STEP 1.A: BACKUP REQUEST RECEIVED

Responsibility: Backup Requester / Asset Owners

Input: Backup Request Form

Actions:
- Backup Requester / Asset Owners will identify backup needs and fill in the backup request form.
- Proceed to step 2.

Output:
- Backup Request Form
- Backup Business Needs Identification

STEP 1.B: AUTOMATED BACKUP

Responsibility: Backup Requester / Asset Owners

Input: Automated Backup

Actions:
- Automated backup is scheduled.
- Proceed to step 4.

Output: Backup Business Needs Identification

STEP 2: EVALUATE BUSINESS NEEDS

Responsibility: ETC Deanship Department

Input:
- Backup Request Form
- Backup Business Needs Identification

Actions:
- Once the backup request form is initiated, the department will evaluate the request according to business and security needs and then send it to the ISMS Manager for assessment.
- Proceed to step 3.

Output: Backup Request Form with Business and Security Requirements


STEP 3: EVALUATE TECHNICAL NEEDS / BACKUP PLAN

Responsibility: ISMS Manager

Input:
- Backup Request Form with Business and Security Requirements
- Backup Plan

Actions:
- Determine the technical requirements, dependencies and limitations for performing the backup job once or maintaining a periodic backup plan.
- With the participation of the ETC Department Asset Owners, a backup plan will be developed, which consists of the following:
  - Backup scope: what type of information / data needs backup (e.g. databases, network settings, file system, etc.).
  - Backup frequency: the intervals at which backups will be taken (taking into consideration the criticality / availability factors).
  - Backup type: full, incremental or online.
  - Backup mechanism: automatic or manual.
  - Backup storage location: the storage for the backup media should be in a secure location, on-site / off-site, in different zones if possible, taking into consideration the criticality / availability factors.
  - Backup retention period: establish the retention period for the backup media.
  - Backup encryption: agree whether encryption is required, and for which data.
  - Media labeling: agree on a labeling scheme.
  - Media destruction: agree on a media disposal process.
- Once the plan has been determined, the ISMS Manager will evaluate the plan and decide on approval:
  - If the plan is approved, proceed to step 4.
  - If the plan is rejected, inform the requester and go to step 8.

Output:
- Backup Form with Technical Requirements
- Backup Plan
- Approved / Rejected Backup Plan


STEP 4: BACKUP / PROCESS VERIFICATION

Responsibility: ETC Deanship Department

Input: Approved Backup Plan

Actions:
- The respective department will start the backup process, prepare the environment and perform the backup on systems / network devices.
- The backup process will be validated by the Backup Administrator to confirm that the process succeeded and no problems were encountered.
- Proceed to step 5.

Output: System / Network Backup

STEP 5: RESTORE TEST

Responsibility: ETC Deanship Department

Input: System / Network Backup

Actions:
- The respective department will perform a restore test in a test environment to verify that the backup can be restored successfully and meets the requester's expectations.
- If it is successful, go to step 7.
- If it is unsuccessful, go to step 6 to analyze the issue, and then go to step 4 and re-perform the backup if required.

Output: Successful / Unsuccessful Restore Test

STEP 6: INSPECT BACKUP LOG

Responsibility: ETC Deanship Department

Input: Unsuccessful Backup / Test

Actions:
- In case of an unsuccessful backup process, the respective department will inspect the backup logs to detect errors, and corrective actions will be taken.
- Go back to step 4 to retry the backup process.
- End the process and inform the requester if it has failed several times.
- Update the backup and restoration log.


Output:
- Backup Inspection Results
- Corrective Actions
- Updated Backup and Restoration Log

STEP 7: MEDIA STORAGE

Responsibility: ETC Deanship Department

Input: Successful Backup Process

Actions:
- The respective department will store the backup media as per the “Backup Policy”.
- The respective department will update the backup record and restoration log.
- End of procedure.

Output:
- Successful Backup Media Process and Storage
- Updated Backup and Restoration Log

STEP 8: INFORM REQUESTER

Responsibility: ETC Deanship Department

Input:
- Rejected Backup Plan
- Unsuccessful Backup Process

Actions:
- Once the request has been rejected, the ISMS Manager will inform the requester with justification.
- Add a notification / update the request status.
- End the process if the request is rejected / the process is completed.

Output:
- Approved / Rejected Backup Request
- Requester Updated with Request Evaluation and Approval Status


10. RESTORATION PROCEDURE FLOWCHART

[Flowchart: Restoration Procedure]

Legend: Start / End (start and end of the procedure); Log/Record (storage to file); Form (document / form); Reference to another procedure (another related procedure); Step (an activity / step); numbered connector (follow to step no.); Input/Output (input or output information); Decision (a decision in a procedure); flow of 2 or more different decisions.

Swimlanes: Restoration Requester / Asset Owners; ETC Deanship Department; ISMS Manager.

Flow elements: Start; Step 1 Notify ICT Infrastructure Manager; Step 2 Evaluate Technical Needs and Approve Overall Request; Step 3 Restoration Preparation; Decision: Type? (Regular / Emergency); Step 4 Restore to Test Environment; Step 5 Restore Verification (Successful: Yes / No); Step 6 Implement Restoration (Successful: Yes / No); Step 7 Process Completion; Step 8 Inspect Logs & Correct Errors; Backup and Restoration Log; End.


11. RESTORATION PROCEDURE DETAILS

STEP 1: NOTIFY ISMS MANAGER

Responsibility: Restoration Requester / Asset Owners

Input: Business Need for Restoration

Actions:
- The requester will complete the restoration request form and send it to the ISMS Manager for evaluation.
- Proceed to step 2.

Output: Restoration Business Needs Identification

STEP 2: EVALUATE TECHNICAL NEEDS AND APPROVE OVERALL REQUEST

Responsibility: ISMS Manager

Input:
- Restoration Request Form
- Restoration Business Needs Identification

Actions:
- The ISMS Manager will evaluate the restoration request from a technical point of view and send it on to step 3.

Output: Restoration Preparation

STEP 3: RESTORATION PREPARATION

Responsibility: ETC Deanship Department

Input: Approved Restoration Request Form

Actions:
- The respective ETC department will prepare the storage media / environment for restoration.
- Prepare systems / network devices for restoration.
- If the restoration request is an emergency, jump to step 6.
- If the restoration request is regular, proceed to step 4.

Output: Prepared System and Storage Media


STEP 4: RESTORE TO TEST ENVIRONMENT

Responsibility: ETC Deanship Department

Input: Prepared System and Storage Media

Actions:
- The respective ETC department will perform the restoration of the system / network devices in a test environment.
- Proceed to step 5 to verify the results with the requester.

Output: Test Restoration Process Results

STEP 5: TEST RESTORATION VERIFICATION

Responsibility: ETC Deanship Department

Input: Test Restoration / Restore Implementation Process Results

Actions:
- The requester will confirm that the test / implementation process succeeded, that the data is restored completely, and that the restored data is as per the expectations.
- If the process is successful, proceed to step 6 to perform the restoration.
- If the process is unsuccessful, go back to step 4 to re-test the restoration.

Output: Successful / Unsuccessful Test Restoration Process Results

STEP 6: IMPLEMENT RESTORATION

Responsibility: ETC Deanship Department

Input:
- Test Restoration Verification
- Emergency Restoration Request

Actions:
- The respective ETC department will perform / implement the restoration on the requested production system / devices:
  - If the restoration is successful, proceed to step 7.
  - If the restoration is unsuccessful, proceed to step 8.

Output: Implementation of Restoration


STEP 7: PROCESS COMPLETION

Responsibility: ETC Deanship Department

Input: Restoration Process Completion Verification

Actions:
- The respective ETC department will update the backup and restoration log.

Output:
- Updated Backup and Restoration Log
- Closed / Updated Restoration Request Form

STEP 8: INSPECT LOG AND CORRECT ERRORS

Responsibility: ETC Deanship Department

Input: Unsuccessful Restoration Process on System / Network Devices

Actions:
- In case of an unsuccessful restoration process, the concerned department will inspect the logs to detect errors, and corrective actions will be taken.
- Proceed to step 6 to retry the restoration process.
- End the process and inform the requester if it has failed several times.
- Update the backup and restoration log.

Output:
- Corrective Actions
- Backup and Restoration Log
- Updated Restoration Request Form


12. ANNEXURE

12.1 FORM

SECTION A: BACKUP / RESTORE REQUEST

System Name / Label:
System ID:
Request Purpose & Description:
Data Description:
Requester: Name: | Signature: | Tel #: | Department: | Email: | Location:
Supervisor: Name: | Signature: | Approved / Not Approved | Comments:

SECTION B: BACKUP PLAN

Type of Backup: Periodic / planned; Emergency; Conditional (Change Request, Patch Management, Other)
Backup Priority: Critical; High; Medium; Low
Backup Test: Yes (Details:); No (Reason:)
Planned Backup Media Storage Location: On Site (Location:); Offsite (Location:)
Backup Frequency: Daily; Weekly; Monthly; Other
Backup Type: Full; Incremental; Differential; Other
Backup Time (Optional): Date Start: / / | Date Finish: / / | Time Start: | Time Finish:

SECTION C: RESTORE PLAN

Type of Restore: Periodic Test; Emergency; Conditional (Change Request, Patch Management, Other)
Restore Priority: Critical; High; Medium; Low
Restore Test: Yes (Details:); No (Reason:)
Planned Restore Media Storage Location: On Site (Location:); Offsite (Location:)
Restore Reason: System Fault; Human error; Incident / Disaster; Other
Other Details:
Restore Time (Optional): Date Start: / / | Date Finish: / / | Time Start: | Time Finish:

RESTORE DOWNTIME (OPTIONAL): Yes (need signatures); No

Downtime Duration: Days: | Time: | Start Date: | Time: | Finish Date: | Time:
Downtime Approval: Owner Name: | Signature:


AFFECTED DEPARTMENT WHICH MUST BE NOTIFIED PRIOR TO THE RESTORE

| Department Name | Director Name | Signature |
|---|---|---|
| | | |

BACKUP / RESTORE TESTING

Test Plan Prepared: Yes / No
Test Performed in Test Environment: Yes / No
Test Result: Successful / Not Successful
If Not Successful: Cause: | Recommendation:

ROLLBACK / RECOVERY PLAN

Plan Prepared: Yes / No
Plan Initiated Due to Restore Failure: Yes / No
Plan Initiated Result: Successful / Not Successful
If Not Successful: Cause: | Recommendation:

ADDITIONAL REQUIREMENT

Technical / Support Documentation: Yes / No
Vendor staff required in Computer Room: Yes (attach access request form) / No
Implementation Plan attached: Yes / Not Required
Drawing required and approved: Yes / Not Required

SECTION D: ISMS MANAGER APPROVAL

| Department Name | Director Name | Approval | Signature |
|---|---|---|---|
| | | Yes / No | |
| | | Yes / No | |


12.2 RECORD

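BACKUP AND RESTORATION LOG

| No. | Date | System / Application Name | Backup Type | Restoration Type | Starting Time | Finishing Time | Status (Backup / Restoration) | Person Name | Signature | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|
| 1. | | | | | | | | | | |
| 2. | | | | | | | | | | |
| 3. | | | | | | | | | | |
| 4. | | | | | | | | | | |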