Backup And Recovery Policy Document

Gold Hammer Construction Ltd., Vancouver, British Columbia

Gold Hammer Construction Ltd. is a prominent construction company that operates across Western Canada. It has a head office in Vancouver, BC with several offices in other major cities. The company mainly focuses on industrial and commercial construction projects such as the construction of control buildings, warehouses, office buildings, power centres and retail store fronts. As of January 2020, the company consists of 6000 employees with the bulk of the employee force being construction workers. The company also has 100 security personnel outsourced from Silver Nail Security Pvt. Ltd. The company’s IT hierarchy is as follows:

· Chief Information Officer

· Chief Technology Officer

· Chief Information Security Officer

· IT Operations

o IT Development

o Information Network Specialist

o Information Security Specialist

o IT Operations

o IT Support

· IT Helpdesk

Gold Hammer Construction Ltd. gets its raw materials from various suppliers across the country, as the progress of projects should not be impeded by a lack of raw materials. The company has client, financial and employee data stored on cloud servers and in a large data centre in Calgary, Alberta. There is also Client Support System which connects workstations, mobile devices and tablets to the company network across different departments using WAN, LAN, MAN, WIFI & Internet.

The various departments and services are as follows:

1. Project Procurement

2. Construction Site Management

3. Project Management

4. Administration

5. Human Resources

6. Finance

7. Information Technology

8. Customer Service (Information and payments)

Backup and Recovery Lab Assignment. 1. You will install Server 2016 in a virtual machine (either Virtualbox or VMware are fine). 2. You will configure, learn, and explore VSS (VSS (Volume Shadow Copy Service. The team deliverable for this lab is a Backup and Recovery Policy document for your assigned organization (GOLD Hammer Construction- Faux Company). Use your judgement as to what will work best for your organization. Search out backup and recovery policies on the internet to gain insight and ideas but do not just copy them. 7. Your Backup and Recovery Policy must address using VSS and WSB in your organization. 8. Your Backup and Recovery Policy document must address at minimum all of the following topic: • What is the purpose of the backup policy: this identifies the goal of the policy and why it is important. This includes a policy statement, background, object, scope, definitions, guiding principles, etc. • Who is responsible for backups: What person(s), position, or department is responsible for ensuring the policy and procedures are followed. What are the roles and responsibilities? Who is responsible for backing up the data? who is responsible for restoring data? who is responsible for securing the backed-up data? who is responsible for erasing or destroying it? • Data to be backed up: This identifies what data management determines is important to the organization. • Off site backups: A copy of a backup should be stored at a separate location. This helps protect the data in the event of fire, flood or other disasters that can destroy the primary site. • Label media: Media labeling identifies what data is on the media and when the backup to that location was performed. • Testing: the policy needs to identify when and at what level testing should be performed and how the results are recorded. • Retention requirements: retention determines how many tapes or other media must be purchased and for how long they will be retained before being destroyed. The length of retention is determined by laws, regulations, and industry guidelines as well as organizational needs. • Execution and frequency of backups: The BIA influences the execution and frequency by identifying RTO (recovery time objectives) and RPO (recovery point objectives). The helps determine the type of back performed and the rotation strategy employed. What is the plan? the schedule? • Protecting backups: Backup media needs to be classified and handled the same as the original data. A breach that compromises the back data is the same as a breach that compromises the original data. The policy needs to identify the backups are to be protected. What measures must be followed to ensure the security of your organizations’ backups? • Disposing of media: How, when, where, and by whom media will be sanitized or destroyed must be specified in the policy.