|
POLITICA DE GESTIÓN DE COPIA DE SEGURIDAD IT-DOC-06 Versión: 1 Fecha de creación: 15/03/2021 Fecha de actualización: 11/05/2026 |
![]() |
Table of Contents
1. Scope
2. Definitions
3. Backup Management Policy
3.1 Backup Monitoring:
3.2 Minimum Requirements
3.2.1 Data Backup Specifications
3.2.2 Restoration of Data
3.2.3 Contingency Plan
4.3 Additional Requirements for on-premise backup
4.3.1 Backup media Rotation
4.3.2 Media encryption
4.3.3 Storage and marking of backup media
5. Roles and Responsibilities
5.1 Backup Responsibility
6. Risk and Security Frameworks
7. Non-Compliance
1. Scope
This policy applies to MSC IT Colombia critical systems and data. Local workstations or laptops are excluded from backup policy.
Systems to be backed up include:
- Production servers and related system configurations
- Disaster Recovery servers
Data Types:
- User created data – (stored on One drive and Microsoft Teams)
- Critical Data stored Servers
- Databases Servers; Application and Operating System files - SERVERS**
2. Definitions
This policy defines backup and retention strategies to ensure availability of critical business systems and data
3. Backup Management Policy
MSC IT Colombia must be able to retrieve data to meet regulatory or business requirements, therefore, access, backup and retention of data are crucial to effective IT administration and management. MSC Technology shall safeguard the backup process to ensure its confidentiality, integrity, and availability.
- Recent data backups are available online to ensure rapid restoration.
- After a period, online copies are archived for secure long term for storage.
- Access to backed up data is also considered privileged and must be approved by management.
- Approval must be documented before the access is granted to any critical or confidential data contained on backup media.
3.1. Backup Monitoring:
This process will identify applications or systems that experienced backup failures. IT management shall regularly monitor backup alerts for failures and take corrective action.
Backup Configuration:
- IT Managers will decide the best approach for backup configuration and recovery of various IT systems and ensure that the process follows a uniform manner.
Off-Site Storage
- Tape-less Backup and Restore service performed periodically.
- Data is replicated to a cloud service.
Data Restore & Validation
- IT will determine the amount of time needed to restore data and inform the business of the time required to have data and applications active and ready for use.
- IT Administrators shall restore random data on a quarterly basis as to ensure data is recoverable.
3.2. Minimum Requirements
3.2.1. Data Backup Specifications
Data backup specifications should be in line with MSC business requirements and data retention policy.
IT management and data owner should define:
a) Data and systems to be backed up
b) The frequency of backup, and
c) The method of backup (automated or manual backup)
d) Storage type – (snapshots or high availability)
3.2.2. Restoration of Data
The backup administrator must test restoration processes on a periodic basis by restoring a random selection of data and a specific set of critical data.
Data may be restored on a production system only in following situations:
a) Restoration is sought and approved by IT Management and Business owners
b) Restoration is a part of disaster recovery process
3.2.3. Contingency Plan
Data backup process and procedures should be in line with business continuity and disaster recovery plan. Data backup administrators must be a part of disaster recovery team.
3.3. Additional Requirements for on-premise backup
3.3.1. Backup media Rotation
Multiple sets of backup storage media should be used in rotation. Automated software has defined retention policies to determine media reuse or tape overwrite.
3.3.2. Media encryption
Tapes are encrypted by the software and not readable outside of MSC.
3.3.3. Storage and marking of backup media
Back-up media must be stored in fireproof safe containers behind locked doors.
4. Roles and Responsibilities
4.1. Backup Responsibility
IT or IT team will designate a role to act as the IT Backup Administrator.
IT Backup Administrators
- Will maintain backup systems and ensure that data can be recovered in a timely manner.
- Conduct an overview of the backup software configuration annually to ensure that the MSC is adequately covered for current and future backup needs.
Business Managers
- Responsible to inform IT of the data retention period for application or systems.
- Provide requirements for new and existing data or applications that need to be backed routine
Matrix of Tasks and Responsible Groups.
|
Tasks |
IT Team |
MSC Business |
|
Define Backup Schedule |
X |
X |
|
Define Storage Retention |
X |
X |
|
Perform Backup Management |
X |
|
|
Perform Data Restoration |
X |
|
|
Implementation of Security Measures (Encryption/Access) |
X |
|
|
Resolution of Backup Failures |
X |
5. Non-Compliance
Employees must adhere to the stated requirements. Any employee to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
