84 lines
2.6 KiB
Markdown
84 lines
2.6 KiB
Markdown
Title: Backup Testing Procedure
|
|
Document ID: [PROC-BACKUP-TEST-001]
|
|
Version: 0.1 Draft
|
|
Status: Draft
|
|
Owner: CISO (Paul Jenkins)
|
|
Approver: CISO (Paul Jenkins)
|
|
Classification: Internal
|
|
Effective date: [DD Month YYYY]
|
|
Review date: [DD Month YYYY]
|
|
|
|
# Backup Testing Procedure
|
|
|
|
## Purpose
|
|
|
|
This procedure defines how BlackDice should test backup restoration capability and record the results.
|
|
|
|
## Scope
|
|
|
|
This procedure applies to in-scope systems, services, data sets, configurations, and other assets where backup and restoration capability is required.
|
|
|
|
## Trigger / When Used
|
|
|
|
Use this procedure:
|
|
|
|
- at planned backup test intervals
|
|
- after material changes to backup design or protected assets
|
|
- after backup-related incidents or failures
|
|
- when assurance evidence is required
|
|
|
|
## Procedure Steps
|
|
|
|
1. Select the system, data set, or recovery scenario to test based on criticality and test plan.
|
|
2. Confirm the expected restore objective, test scope, data sensitivity, and success criteria.
|
|
3. Perform the backup restoration test in an approved and controlled manner.
|
|
4. Validate that the restored data, configuration, or service state is complete, usable, and consistent with the test objective.
|
|
5. Record the outcome, timing, issues encountered, and whether objectives were met.
|
|
6. Raise remediation actions for failures, gaps, or unacceptable delays.
|
|
7. Review results with the relevant owner and agree follow-up actions.
|
|
8. Retain test evidence for assurance and audit purposes.
|
|
|
|
## Inputs
|
|
|
|
- backup test schedule or request
|
|
- protected asset information
|
|
- restoration instructions or runbooks
|
|
- success criteria
|
|
|
|
## Outputs / Records
|
|
|
|
- backup test record
|
|
- restoration evidence
|
|
- identified issues and follow-up actions
|
|
- updated recovery assurance status
|
|
|
|
## Roles and Responsibilities
|
|
|
|
- [Role] must coordinate the backup test programme or oversight.
|
|
- System owners must confirm recovery requirements and review outcomes.
|
|
- Operational teams must perform restoration testing and record results.
|
|
|
|
## Escalation / Exceptions
|
|
|
|
Escalate where:
|
|
|
|
- a test fails or cannot be completed
|
|
- recovery objectives are not met
|
|
- backup coverage is incomplete
|
|
- sensitive data handling during testing creates additional risk
|
|
|
|
Exceptions to planned testing must be documented and approved.
|
|
|
|
## Related Documents
|
|
|
|
- Backup and Recovery Policy
|
|
- Business Continuity and Disaster Recovery Policy
|
|
- Disaster Recovery Testing Procedure
|
|
- Corrective Action Procedure
|
|
|
|
## Version Control
|
|
|
|
| Version | Date | Description of Change | Author |
|
|
| --- | --- | --- | --- |
|
|
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |
|