I. STANDARD STATEMENT

Institutional data and records must be protected and managed in such a way as to prevent loss or destruction. This standard applies to all individuals within the UTSA enterprise who are responsible for the installation and support of information resources, individuals charged with information resources security and Data Owners.

II. RATIONALE

This standard supports HOP Policy 8-12 Information Resources Use and Security Policy

III. SCOPE

This standard applies to all UTSA faculty, staff, and students.

IV. CONTACTS

The Office of Information Security
informationsecurity@utsa.edu

V. PROCEDURES

  1. All UTSA data must be backed up according to risk management plans developed by the Data Owner.
  2. Backup media must have, at a minimum, the following identifying markers that can be readily displayed by labels and/or a bar-coding system:
    1. System name
    2. Creation date
    3. Sensitivity Classification
    4. UTSA contact information
  3. Physical-access controls implemented at off-site backup storage locations must meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest UTSA sensitivity level.
  4. A process must be implemented to verify the operability of the UTSA electronic information backup, including periodic testing, to ensure that backups are recoverable.
  5. Procedures involving UTSA and the off-site backup storage vendor(s), if any, must be documented and reviewed at least annually.
  6. Each department must maintain a documented recovery plan designed to restore service in the event of a disaster or significant outage.

Reference for This Standard

University of Texas System Information Resources Use and Security Policy, Section 5, Standard Backup and Disaster Recovery. Find this document here.

OIS 14 – Standard for Enterprise Backup and Data Recovery
Effective Date: August 20, 2010
Last Revised: July 30, 2020