psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
881b2bf2bcd7b1053d66f58e0fb522118a672f19
ISMS/03-procedures/backup-testing-procedure.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

2.6 KiB
Raw Blame History

Title: Backup Testing Procedure Document ID: [PROC-BACKUP-TEST-001] Version: 0.1 Draft Status: Draft Owner: CISO (Paul Jenkins) Approver: CISO (Paul Jenkins) Classification: Internal Effective date: [DD Month YYYY] Review date: [DD Month YYYY]

Backup Testing Procedure

Purpose

This procedure defines how BlackDice should test backup restoration capability and record the results.

Scope

This procedure applies to in-scope systems, services, data sets, configurations, and other assets where backup and restoration capability is required.

Trigger / When Used

Use this procedure:

  • at planned backup test intervals
  • after material changes to backup design or protected assets
  • after backup-related incidents or failures
  • when assurance evidence is required

Procedure Steps

  1. Select the system, data set, or recovery scenario to test based on criticality and test plan.
  2. Confirm the expected restore objective, test scope, data sensitivity, and success criteria.
  3. Perform the backup restoration test in an approved and controlled manner.
  4. Validate that the restored data, configuration, or service state is complete, usable, and consistent with the test objective.
  5. Record the outcome, timing, issues encountered, and whether objectives were met.
  6. Raise remediation actions for failures, gaps, or unacceptable delays.
  7. Review results with the relevant owner and agree follow-up actions.
  8. Retain test evidence for assurance and audit purposes.

Inputs

  • backup test schedule or request
  • protected asset information
  • restoration instructions or runbooks
  • success criteria

Outputs / Records

  • backup test record
  • restoration evidence
  • identified issues and follow-up actions
  • updated recovery assurance status

Roles and Responsibilities

  • [Role] must coordinate the backup test programme or oversight.
  • System owners must confirm recovery requirements and review outcomes.
  • Operational teams must perform restoration testing and record results.

Escalation / Exceptions

Escalate where:

  • a test fails or cannot be completed
  • recovery objectives are not met
  • backup coverage is incomplete
  • sensitive data handling during testing creates additional risk

Exceptions to planned testing must be documented and approved.

Related Documents

  • Backup and Recovery Policy
  • Business Continuity and Disaster Recovery Policy
  • Disaster Recovery Testing Procedure
  • Corrective Action Procedure

Version Control

Version Date Description of Change Author
0.1 Draft [DD Month YYYY] Initial draft. [Name or Role]
Reference in New Issue View Git Blame Copy Permalink