SOP Backup and Restore
Backup and Restore
SOP Number IT/012/R.1
SOP Title Backup and Restore
NAME
TITLE
DATE
Author
Sandeep R. Yadav
System Admin
27-11-2022
Reviewer
Milind Khedekar
Senior Manager
27-11-2022
Authoriser
Mahaveer Devannavar
General Manager
27-11-2022
Effective Date:
01-12-2022
Review Date:
28-11-2022
1. PURPOSE
The purpose of this SOP is to ensure data recovery in the event of primary data failure. Such failures can occur due to hardware or software malfunctions, data corruption, or human actions, including accidental deletion or malicious attacks (e.g., viruses or malware)
2. INTRODUCTION
Data backups are conducted to safeguard the work of individual teams or departments, as this data is considered the intellectual property of the organization. Restoration is the process initiated when data is unavailable at its original location due to corruption, deletion, or virus attacks
3. SCOPE
This procedure applies to all electronic data stored on-premises, cloud-based servers, and organization-issued devices such as computers, notebooks, servers, and network devices managed by the Somaiya IT department. It encompasses data that is critical to the organization's daily operations and intellectual property
4. RESPONSIBILITIES
Role of System Administrator:
The System Administrator is responsible for scheduling and performing backups of all critical servers, with a minimum frequency of once per month. In the case of any backup or recovery failure, they must escalate the issue to the Senior Manager and Head of Department, ensuring a root cause analysis is performed
5. SPECIFIC PROCEDURE
5.1. Data to be backed up:
All data that are considered to be business critical for running day-to-day operations considered “Critical Data” and must be protected from loss (accidental or intended). These include,
- Data that, if list, would prevent Organisation from conducting normal business operations now or in the future
- Data that has been entrusted to Organisation, either by customers or partners
- Data that, if lost, could subject Organisation to legal or contractual penalties
- Data that, if lost, could adversely affect Organisation reputation
5.2. General Procedure:
Backups of critical data shall be conducted everyday according to an established backup schedule. A record of all backup activities shall be maintained in a backup log in Veeam backup and application tool. Backup logs must be reviewed daily by the System Administrator
5.3. Backup Schedule:
Critical data backups must be conducted daily, adhering to the predefined backup schedule. A detailed record of all backup activities will be maintained in the backup log, which will be reviewed by the System Administrator, please check below hyperlink for
Schedule VMware backup replication.xlsx
Schedule AWS instance backup.xlsx
5.4. System backup policy:
In addition to business data, IT Team is performing regular backups and restoration tests of all IT environments managed by Department of Information Technology. Data to be backed up includes,
- System state data of all Microsoft and Linux servers to save all system-specific settings and information
- All local drives on the Microsoft and Linux servers
- All Database Servers, Active directory servers etc
5.5. Backup media storage:
Backup media must be stored in a location that is secure from unauthorized access and equipped with fire and water damage prevention mechanisms. These measures should be part of a comprehensive disaster recovery plan
5.6. Backup media retention:
- Daily incremental backup is pointed on on-premise NAS box and retain for two weeks
- Weekend full backup is taking place on NAS box and retain for two weeks
- Cloud backup is schedule for full backup daily on AWS S3 bucket with retention span of four weeks
5.7. Back-up device health check:
Health check of back-up devices are performed every quarter. Upgradation of backup devices are considered on used case basis considering the health, performance and technical scalability of backup device.
5.8. Restore testing procedure:
Backup tests are to be performed quarterly for each backup system. A restoration test must consist of a minimum of either 25 files or 100 megs of data. Restoration test documentation is to be kept by IT in repository. The data restoration is tested on test environment to test the integrity of data backed up
5.9. Restore Procedures:
Restores are performed on incidence basis. Documentation of the incidence and confirmation of the restore is documented with sign off from requestor
6. DEFINATIONS
6.1. Backup:
Backups are files, equipment, data and procedures (“Data”) available for use in the event of a failure or loss, if the originals are destroyed or out of service
6.2. Full backup:
A full backup includes all the data that are specified in the backup selections list for the policy, regardless of when they were last modified or backed up
6.3. Incremental backup:
A incremental backup all the data that have been modified since that last full backup
6.4. Restore:
The process of reinstating data that have been lost
7. FORMS/TEMPLATES TO BE USED
A standard templates is used to record incidence by Department of Information Technology
8. CHANGE HISTORY
SOP No.
Effective
Significant Changes
Previous
Date
SOP no.
IT/012/R.1
01-12-2022
First version
N.A.
IT/012/R.2
01-10-2024
Second Version
IT/012/R.1