IT Policies

Download Now

Start free trial

Not a Tech Pro Research member? Sign up for a Free Trial and get access to this content and more for one week.

Resource and data recovery policy

Originally Published:
Jan 2019

Employees, data, and resources are three of the biggest assets in any organization. All employees should be familiar with the processes for recovering information if it becomes lost, inaccessible, or compromised. This policy provides guidelines for the recovery of data from company-owned or company-purchased resources, equipment, and/or services.

From the policy:

Resource and data recovery guidelines
There are four possible scenarios involving the need to recover resources and data:

  • Loss: A device containing confidential data is misplaced and irretrievable.
  • Failure: A device or service becomes unavailable due to damage or age.
  • Compromise: A malicious individual has stolen or accessed company data they have no legitimate reason to possess.
  • Termination of service: A contract with an outside organization that provides or facilitates access to data is ending, and company information should be removed from their systems.
Backups are essential
Backups are a key element regardless of the scenario and are therefore the foundation of this policy. All company data must be backed up on at least a daily basis, whether it resides in-house, outside the organization, or on servers, workstations, or mobile devices. There should never be a single copy of critical data; multiple copies should exist in the form of backups or synchronization to a remote disaster recovery (DR) site. Where possible, a secure offsite storage service, such as Iron Mountain, should be used. This will protect data against a site failure, such as a power outage or physical damage.

IT staff will determine how and where backups take place; they may occur locally or using cloud-based services such as Dropbox or Sugarsync, so long as standards for the protection of sensitive information are met (see the next section) and any regulatory safeguards that may apply to the organization are adhered to.

Get This Download With Our Free Trial

People who downloaded this also downloaded