Back Ups and Recovery
The institution is likely to be held responsible by the software supplier for implementing back-up and recovery procedures to enable the system to be fully restored and lost or altered files, data or programs reconstructed with minimum loss of data and delay.
In order to allow the institution to plan its back-up and recovery procedures, the software supplier should be asked to describe the software's own rollback and restore capabilities and the ideal arrangements for backing-up and recovering data. As it must be possible to run the system during routine backups with minimum impact on performance and response times, the supplier should also be asked to explain how the system copes with records being read or written while a back-up is in progress.
Considerations when establishing back-up and recovery procedures will include:
- system file and database back-ups to be taken every night;
- back-up media to be stored in a suitable fireproof safe in a building remote from the live servers;
- daily back-ups to be retained for one month, and monthly back-ups for one year;
- system to be restored to a different server periodically from recently created back-ups to validate the integrity of the back-ups taken and the suitability of the media used;
- provision of an uninterruptible power supply (UPS) of sufficient capacity to allow the system to operate with a normal user load for the first two hours following a power failure and then an orderly system shutdown and maintain sufficient air conditioning facilities in the computer room;
- provision of fire alarm and fire suppression facilities in computer room; and
- provision of physical security for computer room.
