|
Article 8
|
An organization shall create the backup and backup mechanism based on the results of BIA:
- An organization shall establish an adequate data backup mechanism based on the system characteristics and recovery point objective (RPO), considering backup frequency, type of storage media (optical disk, external drive, magnetic tapes), type of data (virtual DSM, source code, database, configuration files, etc.), type of backup (full backup, incremental backup and differential backup), method of backup (network synchronization, network asynchronization and offline backup).
- When establishing the data backup mechanism, an organization is advised to consider the “3-2-1 backup rule”.
- Create at least three backup copies.
- Store backup copies separately on two different storage media.
- At least one copy is stored remotely.
- An organization shall establish the adequate system backup structure based on the system characteristics, needs of business unit and recovery time objective (RTO), such as mirror site, hot site, warm site or cold site.
- As part of its planning of backup and backup mechanism, an organization shall consider data traffic, backup network equipment, backup line, backup telecommunication service provider, and backup information security protection equipment.
- An organization shall periodically examine the on-site and remote system backup mechanism and on-site and remote data backup mechanism of core system to see if they satisfy the needs.
|