Data backups are available and tested, at least in an ad hoc manner
Context and Guidance: This practice is fundamental to restoring operations in the event of data loss or hardware failure. The organisation makes accessible, at least in an ad hoc manner, backups of information assets. When identifying information assets to be backed up, organisations should consider data that resides on different types of IT and OT assets, such as virtualised assets, regulated assets, cloud assets, Bring Your Own Device (BYOD) assets, assets managed by a third party, field assets, and mobile assets. Testing is performed for backups to help ensure they are viable and available when needed. Strategies for performing and managing backups should be based on risk to the function or the organisation. This practice initiates a progression of practices that continue in MIL2 and are focused on data backups. Backups of information assets may include: • operational data • set points • configuration files • storage locations • copies of important configuration baselines, golden images, hard disk images, and virtual machine images Backup procedures typically include: • frequency standards • retention periods • authorised storage locations and methods • encryption and protection requirements; testing standards
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-4b, RESPONSE-4f, RESPONSE-4j, RESPONSE-4k.