Backup of Tenet information assets is critical to protecting the integrity, confidentiality and availability of those assets. Tenet information assets must be backed up and the backup information stored to ensure availability. All backup data must be encrypted. How often and the method by which data is backedup depends upon the nature of the information and the level of effort it would take to recreate.
- Data Backup Plan
- Document Tenet Facility’s backup administration procedures
- Backup Generation
- Generate backups for all systems that maintain data critical to the facility
- Include all systems identified as Categories 1-4
- Conduct backup planning for all critical systems
- Include backup schedule for each system
- Recommended backup schedule for most file servers
- Incremental or differential backup
- Perform daily Monday through Sunday
- Retain for two weeks
- Full backup
- Perform weekly (1x per week)
- Retain for four weeks
- Archival backup
- Perform monthly during a selected point in the month
- Retain per records retention policy
- Required backup schedule for all mail servers
- Full backup
- Perform daily, seven days per week
- Backups taken off-site and retained for thirty days before being re-used
- Backup Storage
- Backups must be stored off-site until ready to be used
- Storage at different campus or separate building from server is preferred
- On-site storage requires secured location (e.g.,tape library)
- Labels on backup tapes are required
- Stored data must be tested periodically for recoverability
- Second copies of backups may be stored in tape library or secured vault
- Backup media log is maintained with copy of the log saved off-site
- Business Associate Agreement (BAA) must be executed with backup storage vendors
- Backup Retention
- Saved for however long the retention period is for record retention and data restoration
- Backups for restoring data must be kept for enough time to allow backup tape rotation
- Backup Retrieval
- Shipping tapes to remote sites for Disaster Recovery should be considered
- Backup retrieval requirements vary by data criticality category
- Category 4: At hot site in redundant system
- Category 3: Accessible for restoration within 24 hours
- Category 2: Accessible for restoration within 72 hours
- Category 1: Accessible for restoration beyond 72 hours (must be reasonable)
- Category 0: No backup requirements
- Backups of Network Assets
- Changes and updates to network assetsare backed up
- Backup target is a server designated by the Network Administrator
- Server is backed up following these procedures