ISMS/01-policies/backup-and-recovery-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

Title: Backup and Recovery Policy
Document ID: [POL-BACKUP-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Backup and Recovery Policy

Purpose

This policy defines BlackDice's expectations for protecting data and service recoverability through backup and recovery arrangements.

Scope

This policy applies to in-scope data, configurations, system components, supporting platforms, and recovery information relevant to BlackDice services and business operations.

Objectives

  • maintain recoverability of important data and service components
  • reduce the impact of data loss, corruption, or service disruption
  • ensure recovery arrangements are defined and tested

Principles / Policy Statements

Backup and recovery arrangements must be defined according to business criticality, recovery needs, and risk.

Backups must be protected against unauthorised access, tampering, loss, and inappropriate deletion.

Cloud-native and Kubernetes-based services must consider recovery of data, configurations, infrastructure definitions, and dependencies needed to restore service.

Recovery requirements should reflect service commitments, business priorities, and operational constraints.

Backup restoration capability must be tested at planned intervals.

Roles and Responsibilities

  • [Role] must define backup and recovery expectations.
  • System owners must ensure required backup and recovery arrangements exist.
  • Operational teams must perform and evidence testing and restoration activity as required.

Compliance / Exceptions

Any gap in backup coverage or recovery capability must be documented, assessed for risk, and addressed through remediation or approved exception.

Monitoring and Review

This policy should be reviewed through backup testing, recovery exercises, incidents, change review, and audit.

Related Documents

  • Information Security Policy
  • Backup Testing Procedure
  • Business Continuity and Disaster Recovery Policy
  • Data Retention Standard

Version Control

| Version | Date | Description of Change | Author |
|---|---|---|---|
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |