psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
draft
ISMS/01-policies/backup-and-recovery-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

65 lines
2.2 KiB
Markdown
Raw Permalink Blame History

Title: Backup and Recovery Policy
Document ID: [POL-BACKUP-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]
# Backup and Recovery Policy
## Purpose
This policy defines BlackDice's expectations for protecting data and service recoverability through backup and recovery arrangements.
## Scope
This policy applies to in-scope data, configurations, system components, supporting platforms, and recovery information relevant to BlackDice services and business operations.
## Objectives
- maintain recoverability of important data and service components
- reduce the impact of data loss, corruption, or service disruption
- ensure recovery arrangements are defined and tested
## Principles / Policy Statements
Backup and recovery arrangements must be defined according to business criticality, recovery needs, and risk.
Backups must be protected against unauthorised access, tampering, loss, and inappropriate deletion.
Cloud-native and Kubernetes-based services must consider recovery of data, configurations, infrastructure definitions, and dependencies needed to restore service.
Recovery requirements should reflect service commitments, business priorities, and operational constraints.
Backup restoration capability must be tested at planned intervals.
## Roles and Responsibilities
- [Role] must define backup and recovery expectations.
- System owners must ensure required backup and recovery arrangements exist.
- Operational teams must perform and evidence testing and restoration activity as required.
## Compliance / Exceptions
Any gap in backup coverage or recovery capability must be documented, assessed for risk, and addressed through remediation or approved exception.
## Monitoring and Review
This policy should be reviewed through backup testing, recovery exercises, incidents, change review, and audit.
## Related Documents
- Information Security Policy
- Backup Testing Procedure
- Business Continuity and Disaster Recovery Policy
- Data Retention Standard
## Version Control
| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |
Reference in New Issue View Git Blame Copy Permalink