06) Does your organisation take regular backups of its digital production data?
IT Operations Backups
Written by Haydn Brooks
Created on March 18, 2019
Modified on June 7, 2020

Answer yes if your organisation takes regular backups of its production data. Please provide a document stating the frequency of backups (as a PDF file) or describe the frequency of the backups in the notes section.

Data backups are a key control in maintaining the resiliency of your information systems. They can be used to recover data whether it is lost through user error or a cyber attack. For some cyber attacks, such as certain strains of ransomware, the only way to recover is to restore your data from quality backups.

Your company data backup policy should detail the types of backup (full, differential, incremental, and mirror) relevant to the data in question, and the procedures, responsibilities, and schedules for the data backup.

It is imperative that you have robust, resilient, and tested data backups in place, and that these backups are stored in a different physical location to your production data.

How to implement the control:

Your IT team must ensure regular backups are taken of all of your business's data, especially data held within any production systems. Backups should be taken daily, and should be stored securely and in a different location to the production data.

If you are backing up data held in the cloud, ensure that the backup data is stored at a different data centre location to the data centre your production data is held in.

There are many tools and services that your IT team can use to facilitate easy data backups.
