The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards


OIS 14 – Standard for Enterprise Backup and Data Recovery



Institutional data and records must be protected and managed in such a way as to prevent loss or destruction. This standard applies to all individuals within the UTSA enterprise who are responsible for the installation and support of information resources, individuals charged with information resources security and Data Owners.



This standard supports HOP Policy 8-12 Information Resources Use and Security Policy



This standard applies to all UTSA faculty, staff, and students.


If you have any questions about OIS 14 – Standard for Enterprise Backup and Data Recovery contact the following office:


The Office of Information Security


  1. All UTSA data must be backed up according to risk management plans developed by the Data Owner.
  2. Backup media must have, at a minimum, the following identifying markers that can be readily displayed by labels and/or a bar-coding system:
    • System name
    • Creation date
    • Sensitivity Classification
    • UTSA contact information
  3. Physical-access controls implemented at off-site backup storage locations must meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest UTSA sensitivity level.
  4. A process must be implemented to verify the operability of the UTSA electronic information backup, including periodic testing, to ensure that backups are recoverable.
  5. Procedures involving UTSA and the off-site backup storage vendor(s), if any, must be documented and reviewed at least annually.
  6. Each department must maintain a documented recovery plan designed to restore service in the event of a disaster or significant outage.


Reference for This Standard:

University of Texas System Information Resources Use and Security Policy, Section 5, Standard Backup and Disaster Recovery.



Effective Date: August 20, 2010
Last Revised: May 28, 2015