Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2015

Similar documents
SERVICE EQUIPMENT DISPOSAL POLICY

Records Management Policy

HSCIC Audit of Data Sharing Activities:

POLICY. TITLE POLICY Records Management Policy. roxbycouncil POLICY RECORDS MANAGEMENT Policy Date Latest Review Changes

HSCIC Audit of Data Sharing Activities:

Sydney Opera House Policy

NUS RECORDS MANAGEMENT POLICY. Ver 1.6

A tool for assessing your agency s information and records management

TECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients

External Supplier Control Obligations. Records Management

CEBOS CLOUD PROGRAM DOCUMENT

IBM System Storage DR550 Express

RECORDS MANAGEMENT POLICY AND PROCEDURES

External Supplier Control Obligations. Information Security

NSW Government Capability Framework - Benchmark Job Evaluations. NSW Department of Premier and Cabinet

Records Management Plan

SIMPLE FUND 360: AN AUDITORS GUIDE. Australia s leading cloud SMSF admin solution AN AUDITORS GUIDE.

General Data Protection Regulation (GDPR) Key considerations and implications for brokers

White paper June Managing the tidal wave of data with IBM Tivoli storage management solutions

Data Protection Policy

DePaul University Records Management Manual October 1, 2016

IBM System Storage. IBM Information Archive: The next-generation information retention solution

MASTER SERVICE LEVEL AGREEMENT (MSLA)

Supplier Security Directives

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

Document Ref: Issue Date: March 2018 Review Date: March 2020 Policy Lead: Stephanie Vasey, Data Governance Manager

Information Governance and Records Management Policy March 2014

Moving Beyond Information Life Cycle Management

DISASTER PREPAREDNESS Guide & Template

NHS Digital Audit of Data Sharing Activities: Derby Teaching Hospitals NHS Foundation Trust - Renal Department

Information Asset Management Policy

Service level Description for the Centralised Research and Specialist Computing Support Service

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

Samsung Requirements for WEEE Managing

Guidelines for Information Asset Management: Roles and Responsibilities

Information is important to the operation of a company. A system. Records Management. C h a p t e r Introduction to Records Management

ASSET MANAGEMENT TOWARDS ISO/IEC 27001:2005 ACCREDITATION OF AN INFORMATION SECURITY MANAGEMENT SYSTEM

Contractor's Pack The Choice of Contractors

POLICY. Data Breach Notification Policy. Version Version 1.0. Equality Impact Assessment Status. Date approved 23 rd May 2018

PRODUCT DISCLOSURE STATEMENT FOR THE THIRSTY CAMEL CARD

Approved by Board: 22/06/2016. Records Management Policy

ITS Service Level Agreement

COMPLAINT MANAGEMENT POLICY

INFORMATION AND RECORDS MANAGEMENT POLICY

KWANLIN DÜN FIRST NATION. Records Management Policy

Brasenose College Data Protection Policy Statement v1.2

General Manager Commercial

KENYA FORESTRY RESEARCH INSTITUTE (KEFRI) ICT PROCEDURE KEFRI/SOP/MR/010

Policy for Preservation of Documents

INTERNAL AUDIT DIVISION REPORT 2017/022. Audit of knowledge and records management at the United Nations Framework Convention on Climate Change

Prince William County, Virginia Internal Audit Report Records Retention and Public Requests

ediscovery at the University of Michigan

Service Level Agreement - REDCap University of Alabama at Birmingham Department of Medicine

Business Continuity Policy

REQUEST FOR PROPOSALS

Working Together. ICT Change. Management Policy. August Uncontrolled Copy. ICT Change Management Policy

Exhibit A Software Maintenance and Support Terms and Conditions

IBM Business Automation Content Services on Cloud

Records Disposal Schedule Charles Darwin University Procurement Services Charles Darwin University

IBM Emptoris Contract Management on Cloud

University College Cork National University of Ireland, Cork Records Management Policy Version 1.0

Records Management policy

Collaboration with Business Associates on Compliance

MY ACCOUNT. Terms of use. New South Wales South Australia Queensland Victoria

Information Governance Clauses Clinical and Non Clinical Contracts

FOR PUBLICATION REMOVABLE MEDIA POLICY (B000) MEETING: 1. CABINET 2. EXECUTIVE MEMBER FOR GOVERNANCE AND ORGANISATIONAL DEVELOPMENT

Preparing for the General Data Protection Regulation (GDPR)

Information Governance Policy and Management Framework

TERMS AND CONDITIONS FOR INTERCEDE PRODUCTS AND SERVICES

Occupational Health and Safety (OHS) Coordinator

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

IBM Emptoris Strategic Supply Management on Cloud

Security of Personal Data Policy and Guidelines

TRANSLINK RECORDS MANAGEMENT POLICY

Report: State of Government Recordkeeping 2015/16

International Standards Reference

Project Procedure 1.0 PURPOSE 2.0 SCOPE 3.0 REFERENCES. No.: P /21/2012 PAGE 1 OF 12 PROJECT RECORDS MANAGEMENT

External Supplier Control Obligations. Information Security

Strategies for Social

Nissa Consultancy Ltd Data Protection Policy

ASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016

Implementation Practices for the Archiving and Compliance Infrastructure

Records and Information Management Framework. Government Records Office Archives of Manitoba

ABL Information Risk Policy

Solo Water. Retail Supply Management Plan IMS-OPER-B-8314-SW

LB35: Verifying IT and Business Continuity. Lucas G. Aimes & Terry DiVittorio, Project Performance Corporation (PPC)

How Your Business Survival Depends On Disaster Recovery.

Information Security Risk Management Programme and Strategy

The driver for all services should be consumer demand, unless inconsistent with Program values

SaaS Listing CA Agile Central

Information, Privacy and Archives Division. Government of Ontario Function-Based Common Records Series: Information Technology

IBM Emptoris Services Procurement on Cloud

Records Management Policy

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector

HSCIC Audit of Data Sharing Activities:

Archives New Zealand Chief Archivist s Report to the Minister. Public Records Act 2005 Audits 2010/2011

Agenda Item. Issue under Consideration: Contract #12-037, Technology Assessment Master Agreement

IBM Incentive Compensation Management on Cloud

Licensee Wealth Today (ABN ) - AFSL

Position description

Transcription:

Document version: 2.8 Issued to: Harbinger Escrow Services Issued by: Harbinger Group Pty Limited Delivered on: 18 March 2015 Harbinger Group Pty Limited, Commercial in Confidence

Table of Contents 1 Introduction... 3 1.1 Summary... 3 1.1 Objective... 3 1.2 Scope... 3 1.3 Audience... 4 2 Policy Statement... 4 2.1 General... 4 2.2 Backup and restore... 5 2.2.1 Category 0: Client Material... 5 2.2.2 Category 1: Core Databases and Systems... 5 2.2.3 Category 2: Desktop and Laptop Computers... 5 2.2.4 Category 3: Other Storage Technologies... 5 2.2.5 Backup Routine... 5 2.3 Archive and Disposal... 6 2.3.1 Authorisation... 6 2.3.2 Archive and Disposal Routine... 6 2.4 Process and Roles... 6 2.4.1 Process Description... 6 2.4.2 Role Description... 7 3 Compliance Statement... 7 4 Background Material & References... 7 4.1 Background Material... 7 5 Related Documents... 7 6 Roles, Responsibilities and Contacts... 8 7 Review Timetable... 8 CONFIDENTIAL No part of this document may be reproduced, transcribed, translated into any language or transmitted in any form electronic or mechanical for any purpose whatsoever without the prior written consent of Harbinger Group Pty Ltd. Names of programs and computer systems are registered trademarks of their respective companies. Harbinger Group Pty Limited Version: 2.9 2.

1 Introduction 1.1 Summary This document provides Backup and Archival Policy to promote effective maintenance and custody of digital information assets and IT systems and data in accordance with the Australian and International Recordkeeping Standard AS/ISO15489.1 and to enable their efficient restoration to support business continuity of Harbinger Escrow Services s operations. For further information contact the policy owner defined in Section 6. 1.1 Objective The overall objective of the Backup and Archival Policy is: to ensure that IT systems and data are protected in accordance with their value / risk profile by systematically making a copy of, or backing-up each IT resource to facilitate its effective recovery for continuance of Harbinger Escrow Services s operations; and to ensure that the Vault Manager effectively supports the legal capture, retention and disposal of digital information assets in accordance with current legislation and standards through the maintenance of associated IT systems and adherence to their associated business rules. Related objectives of the Backup and Archival Policy include:- 1.2 Scope To appropriately mitigate the threat to Harbinger Escrow Services operations and its clients from degraded or unavailable IT systems and data To facilitate the design and implementation of appropriate IT systems and data recovery strategies that are aligned with IT resource value / risk profiles To educate Harbinger Escrow Services staff, contractors and suppliers in their responsibilities to Harbinger Escrow Services in relation to the protection of corporate and client IT systems and data. Protect return on investment in the information management solutions. This policy provides the rules and guidelines to facilitate the efficient and effective archiving and backup for company and client data and IT systems including: Databases, structured and unstructured information and IT systems residing on the following categories of infrastructure:- Category 0: Client Material Category 1: Core Databases and Systems Category 2: Desktop and Laptop Computers Category 3: Other Storage Technologies. Further this policy provides directives to guide: Archiving and Back-up frequency The addition, modification or deletion of a data back-up profile in a defined backup cycle The testing of archived data and system backup and restoration processes The testing of the validity of data and system restoration. 1 Digital information assets include electronic files, images, documents, instant messages, reports, multimedia, emails and other electronic records. Harbinger Group Pty Limited Version: 2.9 3.

1.3 Audience The execution of good management of the IT systems used to archive and backup digital records Vault Manager maintaining the technology systems that manage archived digital assets Vault Manager providing digital record archival and backup governance Account Managers administering their day-to-day operational adherence with HES Backup and Archival Policy Overall, this policy is relevant to all Harbinger Escrow Services employees and contractors that maintain data and IT systems. Specifically this policy is relevant to the Vault Manager who is involved in the implementation of IT operational processes. 2 Policy Statement 2.1 General The Vault Manager is responsible for the design, development, testing, installation, operation and maintenance of all routine and specialised archiving, backup, disposal and restoration procedures and processes required to protect Harbinger Escrow Services s IT systems and data. Procedures should include: Metrics for the measurement of demand and volume growth for backups and archives A definition of what constitutes appropriate storage and appropriate storage conditions to ensure records are: stored in the most appropriate format to retain the value of the record for its prescribed life protected from conditions of deterioration, loss, non-authorised destruction, theft, disaster and unauthorised access accessible to authorised individuals stored against documented risk and security profiles managed in a cost effective way Audit cycles to demonstrate that records have not been compromised through system outage or malfunction A time period for the reassessment of storage requirements to cater to changing business requirements. Backup cycles and archiving arrangements will incorporate evaluations of data sensitivity and IT system criticality to Harbinger Escrow Services operations. In the event of no Data Owner s instructions to an alternative, IT systems and associated data will be backed up in accordance with a minimum standard of archiving and backup. The Vault manager will produce, maintain and publish a register of data and IT systems included in backup cycles to clearly communicate the backup cycle frequency, backup type (e.g., full or incremental), approximate backup time, approximate restoration. Harbinger Group Pty Limited Version: 2.9 4.

2.2 Backup and restore 2.2.1 Category 0: Client Material The Vault Manager is responsible for the backup routine and the effective restoration of all client material, residing on Harbinger Escrow Services data vault The Managing Director is responsible for notifying the Vault Manager of changes to service requirements. The Vault Manager will provide advice and guidance on such changes. The Vault Manager is responsible for the restoration of data and information in client material and will regularly perform and monitor the results of trial restorations of client material. 2.2.2 Category 1: Core Databases and Systems The Vault Manager is responsible for the backup routine and effective restoration of all core databases, files and systems residing on Harbinger Escrow Services s servers and detached storage facilities. The Vault Manager is responsible for the restoration of data and information in core databases and systems. ITS will regularly perform and monitor the results of trial restorations of core databases and systems. 2.2.3 Category 2: Desktop and Laptop Computers Corporate data must not reside on any electronic devices including desktop, laptop or hand-held computers, smart phones or other electronic storage capable devices. Users of these devices (e.g. Harbinger Escrow Services employees and contractors) are responsible for ensuring that all corporate data and information is only stored on Harbinger s corporate storage facilities (e.g. Corporate: Cinderella and Ariel, Client Material: Mulan). Desktop, laptop, hand-held computers or PDA devices local disks and memory will not be systemically backed-up. The Vault Manager is responsible for the development of the procedures and processes that perform backup of Harbinger s corporate storage facilities that are designated for access and use by desktop, mobile (ie. laptop and held-hand computer) devices. Backup of these storage facilities will be performed in accordance with the agreed and published backup routine (Category 1). 2.2.4 Category 3: Other Storage Technologies Corporate data must not reside or be backed-up on any storage technologies including floppy disks, memory sticks or flash memory, CDs, DVD,s or portable disks. Harbinger employees and contractors must be made aware such actions are in contravention of their Confidentiality and Non-disclosure undertakings, and Harbinger s Code of Conduct. 2.2.5 Backup and Restore Routine Category Backup type Media Frequency Storage Category 0 Incremental D2D Daily Disk Full Tape Weekly on-site Full Tape Monthly off-site Restore As required (8 working hrs) Category 1 Incremental D2D Weekly Disk Full Tape Monthly off-site Restore As required (16 working hrs) Harbinger Group Pty Limited Version: 2.9 5.

2.3 Archive and Disposal 2.3.1 Authorisation All records identified for archive and / or disposal must be authorised for archive or disposal by the Managing Director AND by the Vault Manager. Valid method of archiving of digital records is (2 x copies) encrypt transfer to magnetic tape I x stored in onsite tape storage facility 1 x stored in offsite secure vault facility Valid methods of disposal of digital records and their backups are: irreversible reformatting or rewriting physical destruction of storage media. 2.3.2 Archive and Disposal Routine Category Type Media Frequency Condition Category 0 Archive Tape Annual 1 st July Not less than 12 months old Duly authorised Destroy n/a Annual 1 st July Client no longer active for 2 years (all agreements terminated) Notice of intention to destroy issued to Vendor and Enduser Notices contact + 21 days Duly authorised Category 1 Archive Tape Annual 1 st July Not less than 7 years old Duly authorised Destroy n/a Annual 1 st July Not less than 10 years old Duly authorised Important: Do not employ delete-instructions to destroy records as all system pointers and alias files referencing the records may not be destroyed. 2.4 Process and Roles 2.4.1 Process Description The effective execution of this policy involves the following procedures: Identify data, information and IT systems requiring backup / restoration, archive or disposal services Categorise backup / restoration, archive or disposal according to the Category 0,1,2,3 classification scheme Commence backup / restoration, archive or disposal processes Monitor and measure backup / restoration, archive or disposal Harbinger Group Pty Limited Version: 2.9 6.

Test and review of backup / restoration, archive or disposal 2.4.2 Role Description The above procedures involve a number of different roles with specific responsibilities described below. Desktop, Laptop and Hand-held Computer Users: Those individuals that use such devices in the execution of their job. Individual users are responsible for adherence to this policy and ensuring that Harbinger s data, information and IT systems are only stored on approved storage devices. Further they are responsible for the prudent use of allocated infrastructure and accept full responsibility for the backup of personal data and information stored on located assets. Account Managers: Those individuals that perform roles that assume accountability for client materials. Data Owners must ensure that client materials within their ownership portfolio are protected in accordance with this policy. They trigger requests for new, amended and cessation of service with the Vault Manager. Vault Manager: Individual that performs the roles that assume accountability and responsibility for the execution of backup / restoration services. 3 Compliance Statement Compliance to this backup and archive policy is critical to the continuance of Harbinger Escrow Services s operations and service delivery. Conformance to this policy will be monitored annually. Trial execution of it s backup and restoration services will be tested quarterly. Execution of Archive and Disposal will be undertaken annually (on or around 1 July). 4 Background Material & References 4.1 Background Material Best Practices, Disaster Recovery and Business Continuity Planning (Harbinger Group 2007). 5 Related Documents HES040149 Harbinger Escrow Services Recordkeeping and Retention Policy Harbinger Group Pty Limited Version: 2.9 7.

6 Roles, Responsibilities and Contacts Roles & Responsibilities Issuing Authority Change Authority (Authority to change the Policy or give exception waivers) Owner Further information Contact Details This document is produced under the authority of Managing Director, Harbinger Escrow Services, who authorised its publication on 18 03 2008. Managing Director, Harbinger Escrow Services. Managing Director HES Please contact members of HES 7 Review Timetable This policy will be reviewed every 12 months by the policy owner to maintain its currency and validity. Its next scheduled review will occur in September, 2012. Harbinger Group Pty Ltd ABN 58 120 491 554 Melbourne Level 4, 34 Queen Street Melbourne, VIC 3000 Ph: (61 3) 9618 2000 info@harbinger.com.au www.harbinger.com.au No part of this document may be reproduced, transcribed, translated into any language or transmitted in any form electronic or mechanical for any purpose whatsoever without the prior written consent of Harbinger Group Pty Ltd. Names of programs and computer systems are registered trademarks of their respective companies.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback