SP 6-10f – Backup and Recovery

Colorado Community College System / System Procedure


SP 6-10f

APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021

REFERENCES:

Board Policy (BP) 6-10, Cyber Security Policy
System Procedure (SP) 6-10o, Information Technology Continuity

APPROVED:

/ Joe Garcia /
Joseph A. Garcia
Chancellor

BASIS

This procedure documents the measures Colorado Community College System and its Colleges (“CCCS”) maintain to backup digital data and recover from Information System-related failures through the use of backed up files.

APPLICATION

This procedure applies to Information Assets owned, leased, managed, and maintained by System Information Technology (“System IT”) or the College Information Technology Department (“College IT”) or by third parties on behalf of CCCS and employees, personnel affiliated via third party contracts, and volunteers that have access to Information Systems and Assets that are owned or leased by CCCS.

DEFINITIONS

Backup
Backup is a copy of one or more files created as an alternate in case the original data is lost or becomes unusable.

Backup Retention
Backup retention is defined as the time lapse between when a backup is created and when a backup is formatted to be destroyed or potentially reused.

PROCEDURE

The System Chancellor delegates to the System Vice Chancellor for Information Technology responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.

Backups

  • Production server images, production databases, network device configurations, and file shares shall be backed up and replicated for retention and recovery purposes.
  • A log documenting completed backups shall be kept and maintained for a specified period of time as determined by System IT or College IT Department.
  • Access to backups should be restricted to authorized System IT or College IT personnel.
  • Backups should be protected through approved encryption methods.
  • Similar backup processes shall exist for all environments (e.g., development, test, and production) as appropriate.

Monitoring
System IT or College IT shall monitor backup processes for any failed jobs and take necessary action to correct and document problems.

Testing of Backup Restoration
System IT or College IT shall test and document restorations from Information System backups semi-annually. Backup testing shall be limited to the System IT’s or applicable College IT’s critical Information Systems and Assets. Backup testing can also be fulfilled through the standard course of restoration activities and through the regular testing of business continuity and failover testing.

Retention of Backups
Backup files shall be retained for a specified period of time as determined by System IT and College IT.

REVISING THIS PROCEDURE

CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.