Expert Advice Community

Guest

Backup policy

  Quote
Guest
Guest user Created:   Dec 02, 2020 Last commented:   Dec 02, 2020

Backup policy

I'm new to Information Security, and I have read Document policy, but I have concerns about the Backup responsibility.

Is the DBA responsible to take and store the Backup? or should be another responsible for it?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Dec 02, 2020

ISO 27001 does not prescribe responsibilities about backup, so organizations are free to define them as best fulfill their needs.

Considering that, for defining the responsibilities for the backup process, you should analyze potential risks (e.g., lack of knowledge, human error, sabotage, etc.), and applicable legal requirements (e.g., laws, regulations, and contracts), to identify how responsibilities should be defined.

For example, through risk analysis, you may find that there are no relevant risks if the DBA is responsible for taking and storing the Backup, but you may have a contract with a client that defines a different role to be responsible for the backup process (e.g., the backup should be performed and managed by a system administrator).

To see how a backup policy compliant with ISO 27001 looks like, please access the demo template at this link: https://advisera.com/27001academy/documentation/backup-policy/

These articles will provide you a further explanation about defining responsibilities:

These materials will also help you regarding the definition of responsibilities:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 02, 2020

Dec 02, 2020

Suggested Topics

Guest user Created:   Jul 23, 2018 ISO 27001 & 22301
Replies: 1
0 0

Backup policy