ITPOL10 IT Backup Policy & Procedures

Page 1

IT Backup Policy & Procedures

ITPOL10

Version: V5

Ratified By: Finance & Risk Committee

Date ratified: 02/04/2025

Job Title of Author: Assistant Director IT & Systems Technology Operations Manager

Reviewed by Sub Group or Expert Group: Technology Programme Board

Equality Impact Assessed by: Assistant Director IT & Systems

Related Procedural Documents: IGPOL53 – IT Security Policy ITPOL007 – Disaster Recovery Policy

Provide Disaster Recovery Plan

Expiry Date: 02/04/2028

It is the responsibility of users to ensure that you are using the most up to date document template – i.e. obtained via the intranet.

In developing/reviewing this policy Provide Community has had regard to the principles of the NHS Constitution.

Version Control Sheet Version

5 27/02/2025 Director of Technology Aligned with ISO27001 2023

1. Introduction

The Organisation’s increasing reliance on IT systems and the potential dangers that they are at risk from, means that we need to have procedures in place so that we can recover from any disaster leading to loss of data.

There are many possible risks that we need to protect against, including, but not exclusive to the following threats:

• Natural disasters – e.g. - Fire and Floods

• Failure of hard drives and other hardware

• Carelessness / accidental deletion of critical files

• Deliberate Sabotage and malware infection

These threats make it imperative that we have up to date backups in place at all times to ensure that we are able to recover from any such incident.

This policy covers all of the Organisation’s servers, including file and print servers, application servers and domain controllers regardless of if these are supported directly by the Provide Technology Team or by a third party.

The Information Security Policy (IGPOL53) states that sensitive and confidential data should not be stored on local hard drives so data stored locally is out of scope of this policy.

2. Purpose

To ensure that all data residing on the Organisation’s IT systems shall be protected against loss or corruption through the use of robust backup procedures. These procedures will be performed to ensure that the organisation is not significantly disrupted should a failure occur within any of the systems.

3. Definitions

Backup

Copying of data for the purpose of having an additional copy in the event that the original data is lost, corrupted or damaged. In which event a restore of the data would be performed.

Restore

The process of re-establishing data, such as a file to a previous state, usually after the data has been lost, corrupted or damaged.

4. Duties

Director of Technology

Responsible for ensuring that this Policy is implemented and is reviewed at least every three years.

Head of Infrastructure and Cyber Security

Responsible for ensuring there are documented Backup Procedures in place that adhere to this policy and that these are complied with

Technology Infrastructure Staff

Responsible for performing the backups to a high standard and as defined in the relevant process documents.

5. Consultation and Communication

This policy will be shared with all Provide Technology Staff who shall make themselves familiar with its content, it will also be made available to all staff on MetaCompliance

6. The Backup Approach

The Technology Team will backup all data it is required to do so as part of the terms of contracts that the Organisation delivers or where there is a business, statutory or regulatory requirement to do so. All other data will be assessed for inclusion based on risk, value of the data and cost of recreating it; the default position will be to backup data and all exclusions will be documented in an appendix to the backup procedures.

The Provide Technology Team has enabled “Previous Versions” within the file servers to support fast recovery of documents on a day to day basis. Industry standard software will be used to automate the creation of the backups.

For the servers maintained and supported by the Provide Technology Department, the backups will be held on disks contained within the DPM server or exported to tape as per the retention policy.

Data stored in the hosted data centre environment, will also be backed up using industry standards software but purely to disk.

All backup data must be encrypted using AES-256 encryption at rest and TLS 1.2+ in transit. Access to backup storage must be restricted to authorised personnel only, with role-based access control (RBAC) enforced. Physical backup media must be stored in a secure, fireproof, access-controlled facility.

To protect against ransomware, at least one backup copy must be stored as an immutable backup, preventing unauthorised modification or deletion. Access to backup data must be restricted based on the principle of least privilege (PoLP). Role-based access control (RBAC) must be enforced, and all backup access attempts must be logged and monitored. Audit logs must be reviewed monthly for unauthorised access attempts.

Cloud backups must be encrypted before transmission using AES-256 encryption. All cloud service providers must demonstrate compliance with ISO 27001, Cyber Essentials Plus, or NHS DSPT before handling backup data.

7. Retention Periods

Retention periods will be set by the business and will reflect the requirements of Organisation’s services.

Data held in the hosted data centre environment will be held for a minimum duration of 42 days and replicated across 2 sites

Data held by Provide will be held for a minimum of 42 days and will have a copy kept locally and a copy kept in the cloud.

Data of specific types, from specific systems or services can be held for longer periods where this is appropriate and has been agreed by the requesting service with both Information Governance and the Technology Service. However, data should not be kept for shorter periods.

Backup retention periods must align with GDPR Article 5(1)(e) (data minimisation & retention), NHS Data Security Protection Toolkit (DSPT) standards, and statutory retention laws. Any data subject request for deletion must be assessed against regulatory retention requirements before execution.

8. Backup Procedures

Backup procedures will be maintained by the Head of Infrastructure and Cyber Security in the form of a SOP.

9. Restoring Data

In the event that a restore cannot be completed by the end user using the “Previous Versions” functionality, the user should raise a request with the Provide Technology Service Desk specifying when and where the restore is required from.

Provide’s Restore Procedures (see Appendix A)will ensure that data can be re-established in the quickest possible time. Restores for data held on disk will be completed within the assigned Service Level but will be possible to complete within minutes where this is required.

The Restore Procedures will require that staff requesting data to be restored will need to log a request with the Provide Technology Service Desk and the call will need to be approved by the folder owner or their line manager.

"Backup validation testing must be conducted quarterly to ensure data integrity. Disaster recovery testing must be performed annually, simulating a full system restore. All test results will be documented and reviewed by the infrastructure team.

10.Disaster Recovery

Provide will maintain a Disaster Recovery Policy and Plan. The backup procedures required by this policy may be required if invoking the Disaster Recovery Plan.

11.Critical system RTO & RPOs

Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) will be tested as part of the DR exercises. Any failure to meet these objectives will trigger a policy review and corrective actions.

TPP SystmOne

TPP have a Zero Data Loss (ZDL) solution which is accredited by NHS Digital. ZDL ensures that at any time all data is stored in both the primary and secondary data centres. This means that in the event of a catastrophic failure in the primary data centre, service can be moved to the secondary data centre with absolutely no data loss. As such, the solution has a Recovery Point Objective (RPO) of zero seconds and an RTO of 2 Hours.

Answer Link (CareCall)

The Answer Link platform is hosted locally at Provide locations, HQ and Kestrel House. In the event of a catastrophic failure the Recovery Point Objective (RPO) is no more than 24 hours with a Recovery Time Objective (RTO) of 30 minutes.

Inform (Sexual Health Services)

The Inform Platform is hosted within Inform’s cloud infrastructure As the whole environment is virtualised, we have greater stability. However, in the event of a catastrophic failure the Recovery Point Objective (RPO) is 10 minutes with a Recovery Time Objective (RTO) of 30 minutes.

Optimum (Wheelchairs Service)

The Optimum Platform is hosted within our Azure environment. As the whole environment is virtualised, we have greater stability. However, in the event of a catastrophic failure the Recovery Point Objective (RPO) is 24 hours with a Recovery Time Objective (RTO) of 2 hours.

12.Risk-Based Backup Strategy

A backup risk assessment must be performed annually to evaluate risks related to data loss, backup failure, and cyber threats. Backup prioritisation will be based on business impact analysis (BIA), ensuring that critical systems have the shortest RTO and RPO. A backup risk register will track identified vulnerabilities and mitigation actions.

13.Backup Incident Response

All backup failures must be logged in the IT incident register. If a backup failure impacts critical business operations, the incident must be escalated to the Head of Infrastructure & Cyber Security and the Director of Technology. The response team will determine corrective actions and document the resolution.

Appendix A: Restore Procedures

Restore Requests

When a user notices that a folder or document is missing, they should make every effort to see if there is a reason for this, such as checking with colleagues to see if the document has been moved.

Should the file or folder not be found, a call should be logged with the Provide Technology Service Desk, the user will need to inform the Service Desk of:

• What folders and files are missing

• Where the folders and files were stored

• When the folders and files were last known to be available

The Service Desk will undertake an initial triage and if restoration is required and is likely to be possible, the call will be transferred to the Infrastructure queue.

The Infrastructure Team will attempt to restore the folder or files or log a call with Provides data centre provider to do so.

The Infrastructure Team or Service Desk staff will contact the user with the outcome of the attempt to restore the file before closing the call.

Monthly Test

A monthly restore test will be undertaken by the Infrastructure Team.

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage 1: ‘Screening’

Name of project/policy/strategy (hereafter referred to as “initiative”):

IT Backup Policy and Procedures

Provide a brief summary (bullet points) of the aims of the initiative and main activities:

Project/Policy Manager: Chris Wright

Date: 07/07/2020

This stage establishes whether a proposed initiative will have an impact from an equality perspective on any particular group of people or community – i.e. on the grounds of race (incl. religion/faith), gender (incl. sexual orientation), age, disability, or whether it is “equality neutral” (i.e. have no effect either positive or negative). In the case of gender, consider whether men and women are affected differently.

Q1. Who will benefit from this initiative? Is there likely to be a positive impact on specific groups/communities (whether or not they are the intended beneficiaries), and if so, how? Or is it clear at this stage that it will be equality “neutral”? i.e. will have no particular effect on any group.

Provide IT Users

Q2. Is there likely to be an adverse impact on one or more minority/under-represented or community groups as a result of this initiative? If so, who may be affected and why? Or is it clear at this stage that it will be equality “neutral”?

No

Q3. Is the impact of the initiative – whether positive or negative - significant enough to warrant a more detailed assessment (Stage 2 – see guidance)? If not, will there be monitoring and review to assess the impact over a period time? Briefly (bullet points) give reasons for your answer and any steps you are taking to address particular issues, including any consultation with staff or external groups/agencies.

No

Guidelines: Things to consider

• Equality impact assessments at Provide take account of relevant equality legislation and include age, (i.e. young and old,); race and ethnicity, gender, disability, religion and faith, and sexual orientation.

• The initiative may have a positive, negative or neutral impact, i.e. have no particular effect on the group/community.

• Where a negative (i.e. adverse) impact is identified, it may be appropriate to make a more detailed EIA (see Stage 2), or, as important, take early action to redress this – e.g. by abandoning or modifying the initiative. NB: If the initiative contravenes equality legislation, it must be abandoned or modified.

• Where an initiative has a positive impact on groups/community relations, the EIA should make this explicit, to enable the outcomes to be monitored over its lifespan.

• Where there is a positive impact on particular groups does this mean there could be an adverse impact on others, and if so can this be justified? - e.g. are there other existing or planned initiatives which redress this?

• It may not be possible to provide detailed answers to some of these questions at the start of the initiative. The EIA may identify a lack of relevant data, and that data-gathering is a specific action required to inform the initiative as it develops, and also to form part of a continuing evaluation and review process.

• It is envisaged that it will be relatively rare for full impact assessments to be carried out at Provide. Usually, where there are particular problems identified in the screening stage, it is envisaged that the approach will be amended at this stage, and/or setting up a monitoring/evaluation system to review a policy’s impact over time.

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage 2:

(To be used where the ‘screening phase has identified a substantial problem/concern)

This stage examines the initiative in more detail in order to obtain further information where required about its potential adverse or positive impact from an equality perspective. It will help inform whether any action needs to be taken and may form part of a continuing assessment framework as the initiative develops.

Q1. What data/information is there on the target beneficiary groups/communities? Are any of these groups under- or over-represented? Do they have access to the same resources? What are your sources of data and are there any gaps?

Q2. Is there a potential for this initiative to have a positive impact, such as tackling discrimination, promoting equality of opportunity and good community relations? If yes, how? Which are the main groups it will have an impact on?

Q3. Will the initiative have an adverse impact on any particular group or community/community relations? If yes, in what way? Will the impact be different for different groups – e.g. men and women?

Q4. Has there been consultation/is consultation planned with stakeholders/ beneficiaries/ staff who will be affected by the initiative? Summarise (bullet points) any important issues arising from the consultation.

Q5. Given your answers to the previous questions, how will your plans be revised to reduce/eliminate negative impact or enhance positive impact? Are there specific factors which need to be taken into account?

Q6. How will the initiative continue to be monitored and evaluated, including its impact on particular groups/ improving community relations? Where appropriate, identify any additional data that will be required.

Guidelines: Things to consider

• An initiative may have a positive impact on some sectors of the community but leave others excluded or feeling they are excluded. Consideration should be given to how this can be tackled or minimised.

• It is important to ensure that relevant groups/communities are identified who should be consulted. This may require taking positive action to engage with those groups who are traditionally less likely to respond to consultations, and could form a specific part of the initiative.

• The consultation process should form a meaningful part of the initiative as it develops, and help inform any future action.

• If the EIA shows an adverse impact, is this because it contravenes any equality legislation? If so, the initiative must be modified or abandoned. There may be another way to meet the objective(s) of the initiative.

Further information:

Useful Websites www.equalityhumanrights.com Website for new Equality agency www.employers-forum.co.uk – Employers forum on disability www.disabilitynow.org.uk – online disability related newspaper www.efa.org.uk – Employers forum on age

© MDA 2007

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage One: ‘Screening’

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: and more. Sign up and create your flipbook.