Data Backup Policy

Backup procedures, ensuring that both data and software are regularly and securely backed-up, are essential to protect against the loss of that data and software and to facilitate a rapid recovery from any IT failure. This policy outlines guidelines for Externis staff on backing up Externis data. 

The data backup element of this policy applies to all Staff and third parties who use IT devices connected to the Externis network or who process, or store information owned by Externis.
All users are responsible for arranging adequate data backup procedures for the data held on IT systems assigned to them.

1. Best Practice Backup Procedures

All backups must conform to the following best practice procedures:

• All data, operating systems and utility files must be adequately and systematically backed up (Ensure this includes all patches, fixes and updates).
• Records of software licensing should be backed up.
• Back-up media should be stored safely in a remote location, at a sufficient distance away to escape any damage from a disaster at the main site.
• Regular tests of restoring data/software from the backup copies should be undertaken, to ensure that they can be relied upon for use in an emergency.
   

2. Responsibility for Data backup

Only critical systems are routinely backed up by IT Services in the current model.  The responsibility for backing up data held on the workstations of individuals regardless of whether they are owned privately or by Externis falls entirely to the User.
If you are responsible for a collection of data held either remotely on a server or on the hard disk of a computer, you should consult your IT Services about local back-up procedures. If you do not use the facilities provided by IT Services, you should put in place your own procedures.

3. Legal Requirements

Users when formulating a backup strategy should take the following legal implications into consideration:

• Where data held is personal data within the meaning of the General Data Protection Regulation (GDPR), there is a legal requirement to ensure that such back-ups are adequate for the purpose of protecting that data.
• Depending on legal or other requirements, it may be necessary to retain essential business data for a number of years and for some archive copies to be permanently retained.
• Depending on legal or other requirements, ex. General Data Protection Regulation (GDPR), Software Licensing, it may be necessary to destroy all backup copies of data after a certain period or at the end of a contract.
  
  
  4. Desktop Backups

The responsibility for backing up data held on the workstations of individuals regardless of whether they are owned privately or by Externis falls entirely to the User.
All network users using personal workstations/laptops should ensure that their data is backed up using one or a combination of the following methods:

• Backing-up to a local device :  Zip Drive, USB Key, External hard drive.
• Copying critical data on a regular basis to a remote server that is properly backed up by Externis (ex: OneDrive private account of Externis).
• Backups should be scheduled regularly.
• All users should backup their data before updating or upgrading software on their computer.
  
  
  4. Microsoft Azure Cloud

Externis is a partner of Microsoft and use the Azure Cloud Services to host web sites, databases, and data. All data hosted on the Azure Cloud complies with the Microsoft Azure Cloud Security and Data Backup processes. Specific documentation on the MS Azure Services may be requested to the Externis IT Services.