Suresoft Systems Pvt Ltd

BACKUP POLICY

Confidential

SURESOFT SYSTEMS PVT LTD.,

PLOTS 11 & 12, ANNA NAGAR
EXTENSION, 
THIRD CROSS, SIVAGANGA NAGAR,
PONDICHERRY - 605 005.
India

This document is available to all employees of Suresoft Systems Pvt.

Notice of Distribution Ltd. Any request to update this document must be authorised by
Information Security Manager.

Notice of Confidentiality
This document contains proprietary and confidential information of
Suresoft Systems Pvt. Ltd. The recipient agrees to maintain this
information in confidence and not reproduce or otherwise disclose this
information to any person outside of the group directly responsible for
the evaluation of its contents.
Confidential Suresoft Systems Pvt Ltd.
Backup Policy Pondicherry

Document Ref. No.SSSVL-PL-BKP-004-05 Version No. 1.0

Revision No. Issued Date:
Page 2 of 7
Confidential Suresoft Systems Pvt Ltd.
Backup Policy Pondicherry

DOCUMENT SUMMARY:

AUTHOR
REVIEWED BY
CURRENT VERSION
DATE OF CURRENT
VERSION
DATE OF ORIGINAL
VERSION
DOCUMENT TYPE
DOCUMENT STATUS
DOCUMENT CIRCULATION
OWNER
APPROVED BY

REVISION HISTORY:

PARTICULARS VERSION REVISION DATE EDITED BY/

NO. REMARKS

Document Ref. No.SSSVL-PL-BKP-004-05 Version No. 1.0

Revision No. Issued Date:
Page 3 of 7
Confidential Suresoft Systems Pvt Ltd.
Backup Policy Pondicherry

Table of Contents

1. POLICY STATEMENT...........................................................................................4

2. BACKUP IDENTIFICATION.................................................................................4

3. BACKUP PLAN......................................................................................................4

4. BACKUP PROCESS..............................................................................................4

4. BACKUP STORAGE.............................................................................................5
4.1. ONSITE................................................................................................................5
4.2. OFFSITE..............................................................................................................5
5. BACKUP RESTORATION (RECOVERY)..........................................................5

6. RESTORATION TESTING....................................................................................5

7. RETENTION OF BACKED-UP DATA................................................................5

7. DISPOSAL...............................................................................................................6

8. RESPONSIBILITIES..............................................................................................6

9. RECOMMENDATIONS AND GUIDELINES......................................................6

10. ISO 27001 References.......................................................................................6

Document Ref. No.SSSVL-PL-BKP-004-05 Version No. 1.0

Revision No. Issued Date:
Page 4 of 7
Confidential Suresoft Systems Pvt Ltd.
Backup Policy Pondicherry

1. Policy Statement
“Information System Owners should ensure that adequate backup and recovery
processes are in place in any eventuality for all information systems”

2. Backup Identification
 Functional Heads in conjunction with Backup administrators shall identify the critical
data that need to be backed-up.

 Backups shall be generated for sensitive data and software that are essential for
business continuity.

 Critical paper files must be identified and backed up with a scanned digital copy.

3. Backup Plan
 Backup planning for individual systems shall be reviewed and approved by the ISO.
The plan should include Information system to be backed up, priority, back method,
backup schedule and retention period.

 An appropriate storage medium shall be used. Media shall be clearly labeled as per
Information classification and handling policy.

 The backup media used shall have a life span in accordance with data retention
requirements.

 The reuse of media shall be carefully planned to avoid any possible data loss due to
overuse of media.

 The back media shall have appropriate identification labels with information such as
creation date, file details, sensitivity of data, retention period etc

4. Backup process

 Periodical backup as defined in the Backup plan will be taken by the backup
administrator.
 The following types of backup shall be taken unless a different type of back is
required due to business needs

o Daily backup - on incremental or differential basis;

o Weekly backup - full backup
o Monthly backup – full backup

 Backup media shall be appropriately labelled.

 Backup logs generated by the system shall be maintained by Backup Administrator
and shall also maintain the information such as location and content of backup
media.
 Backup administrator shall review system generated report on successful completion
of the backup and any faults identified shall be rectified

Document Ref. No.SSSVL-PL-BKP-004-05 Version No. 1.0

Revision No. Issued Date:
Page 5 of 7
Confidential Suresoft Systems Pvt Ltd.
Backup Policy Pondicherry

4. Backup Storage

4.1. Onsite
 Backup media shall be securely stored in fire safe when not in use. The key to the
cabinet shall be available only with ISO / delegated approved Functional heads and
the duplicate key shall be kept with the Backup administrator for emergency use.

4.2. Offsite
 Copies of backups shall be stored in an offsite location, physically distant from the
onsite location.

 Whenever, the backup media is moved to and from off-site location, it shall be carried
in sealed and tamper-proof envelope or pouch.

 Backup Administrator shall maintain the backup movement logs for the backups at
off-site location.

5. Backup Restoration (Recovery)

 Formal restoration request process shall exist for any accidental deletion or
corruption of information.

 Request for restoration of information shall be authorized by the owners of the

information prior to performing the restoration.

6. Restoration Testing
 A recovery test shall be performed at least once every six months for every backed-
up data or based on importance of the data.

 The ISO or other delegates shall randomly audit the backup logs at least once a
month.

 Backup administrator shall identify problems related to backup process and take
corrective action to reduce any risks associated with failed backups.

 Backup media shall be controlled and physically protected.

 Appropriate operating procedures shall be established to maintain drives and other

backup media from damage.

7. Retention of backed-up data

 Backup shall be retained as per requirement.

 Media used for backup shall be rotated appropriately.

Document Ref. No.SSSVL-PL-BKP-004-05 Version No. 1.0

Revision No. Issued Date:
Page 6 of 7
Confidential Suresoft Systems Pvt Ltd.
Backup Policy Pondicherry

7. Disposal
 Backup media must be physically destroyed in a secure manner as per the defined
Operating procedure and ensure:

o The media no longer contains active data.

o The media’s current or former contents cannot be read or recovered.

8. Responsibilities
 Backup Administrator is responsible for taking and maintaining backup of all data and
applications as well as operating systems.
 It is the responsibility of Users at each function to decide on the criticality and backup
frequency of the backup of information with respect to the data managed by the
functional unit.
 Users shall formally inform the Backup Administrator about any new data to be
backed up.
 Similarly Backup Administrator shall be informed about discontinuing the back up
when data is no longer in use at the functional unit.

9. Recommendations and guidelines

Follow the Backup Procedure

10. ISO 27001 References

 Information Backup (A.10.5.1)
 Management of removable media (A.10.7.1)

Document Ref. No.SSSVL-PL-BKP-004-05 Version No. 1.0

Revision No. Issued Date:
Page 7 of 7