{"id":2507,"date":"2025-04-24T22:13:01","date_gmt":"2025-04-24T22:13:01","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=2507"},"modified":"2025-04-25T14:32:45","modified_gmt":"2025-04-25T14:32:45","slug":"tarleton-oits-backup-recovery-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-backup-recovery-standard\/","title":{"rendered":"Tarleton OITS Backup Recovery Standard"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h1 class=\"wp-block-heading\">Tarleton Office of Innovative Technology Solutions (OITS) <br> Backup Recovery Standard<\/h1>\n\n\n\n<p>Effective: February 11, 2020<\/p>\n\n\n\n<p>Revised:\u00a0 April 25, 2025\u00a0<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.tarleton.edu\/technology\/wp-content\/uploads\/sites\/170\/2021\/12\/Tarleton_TonTexas.svg\" alt=\"The Tarleton State University logo\" class=\"wp-image-670\" style=\"width:159px;height:auto\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity has-vivid-cyan-blue-to-vivid-purple-gradient-background has-background is-style-wide\" \/>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedure Summary<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Routine electronic backups of data and systems are a requirement to enable the recovery of data and applications in case of events such as natural disasters, system disk drive failures, corruption, data entry errors, or system operations errors. The purpose of this standard is to establish the process for the backup and storage of electronic information.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This standard applies to Tarleton State University information resources that contain mission critical information. It provides a set of measures that will mitigate information security risks associated with the backup and recovery of information. There may also be other or additional measures that will provide appropriate mitigation of the risks. The assessment of potential risks and the application of appropriate mitigation measures are to be determined by the information resource owner or their designee. In accordance with <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\">Texas Administrative Code (TAC) Chapter 202 &#8211; Information Security Standards<\/a>. As per <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?$locale=en_US&amp;interface=VIEW_TAC_SUMMARY&amp;queryAsDate=04%2F24%2F2025&amp;recordId=206714\">TAC \u00a7202.72<\/a>, an information resource owner that decides not to implement some or all of the standards provided in this SAP must justify and document such exceptions based on information security risk management decisions and\/or business functions. The information resource owner must then report any exceptions to these standards to the designated information security officer (ISO)\/chief information security officer (CISO). <\/p>\n\n\n\n<p>This SAP applies to all university staff responsible for the support and operation of university information resources that contain mission critical information.<\/p>\n\n\n\n<div class=\"wp-block-group word-wrap: normal is-layout-flow wp-block-group-is-layout-flow\">\n<p>Please see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/contingency-planning-cp\/cp-1-contingency-planning-policy-and-procedures\/\">Tarleton Security Controls Catalog, specifically the Contingency Planning (CP) family<\/a>, for additional information and requirements.<\/p>\n<\/div>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedures and Responsibilities<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The frequency and extent of backups shall be determined by the importance of the information, potential impact of data loss\/corruption, and risk management decisions by the data owner.\u00a0\u00a0<\/li>\n\n\n\n<li>Mission critical information backup and recovery processes for each system, including those for offsite storage, shall be documented and reviewed periodically. Additionally, mission critical data shall be backed up on a scheduled basis and stored off-site in a secure, environmentally safe, locked facility.\u00a0\u00a0<\/li>\n\n\n\n<li>Physical access controls implemented at offsite backup storage locations shall meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest sensitivity level of information stored.\u00a0\u00a0<\/li>\n\n\n\n<li>Processes must be in place to verify the success of the information resource backups.\u00a0\u00a0\u00a0<\/li>\n\n\n\n<li>Backups shall be periodically tested to ensure that they are recoverable.<\/li>\n\n\n\n<li>Backup media must have identifying criteria that can be readily identified by labels and\/or a bar-coding system, which should include, but is not limited to the:\n<ul class=\"wp-block-list\">\n<li>system name;<\/li>\n\n\n\n<li>creation date;\u00a0\u00a0<\/li>\n\n\n\n<li>sensitivity classification of mission critical or confidential information based on <a href=\"https:\/\/www.tarleton.edu\/compliance\/records-management\/\">applicable electronic record retention regulations<\/a>; and\u00a0\u00a0<\/li>\n\n\n\n<li>departmental information resource contact information.\u00a0\u00a0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Definitions<\/h2>\n\n\n\n<p><strong>Information Resources<\/strong> <strong>(IR)<\/strong>: the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Information Security Officer (ISO<\/strong>)<strong> \/ Chief Information Security Officer (CISO):<\/strong> responsible for administering Tarleton\u2019s information security functions and reports to the information resources manager (IRM).&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Mission Critical Information: <\/strong>information that is defined by the university or information resource owner to be essential to the continued performance of the mission of the University or division\/unit. Unavailability of such information would result in more than an inconvenience. An event causing the unavailability of mission critical information would result in consequences such as significant financial loss, institutional embarrassment, noncompliance with regulations or legal obligations, or closure of the university or division\/unit.\u00a0\u00a0<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Statutes, Policies, or Requirements<\/strong>&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01.pdf\">TAMUS Policy 29.01, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-02.pdf\">TAMUS Regulation 29.01.02, Use of Licensed Software<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-04.pdf\">TAMUS Regulation 29.01.04, Accessibility of Electronic and Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-05.pdf\">TAMUS Regulation 29.01.05, Artificial Intelligence<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-06.pdf\">TAMUS Regulation 29.01.06, Covered Applications and Prohibited Technologies<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_03_T0_01.pdf\">Tarleton SAP 29.01.03.T0.01, Information Resources &#8211; Acceptable Use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls Catalog<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Contact Office<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Office of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>AVP and CIO of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>254-459-5685&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tarleton Office of Innovative Technology Solutions (OITS) Backup Recovery Standard Effective: February 11, 2020 Revised:\u00a0 April 25, 2025\u00a0 Procedure Summary&nbsp; Routine electronic backups of data and systems are a requirement &#8230;<\/p>\n","protected":false},"author":94,"featured_media":580,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-2507","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/technology\/author\/jgeorge\/","display_name":"jgeorge"},"relative_dates":{"created":"Posted 12 months ago","modified":"Updated 12 months ago"},"absolute_dates":{"created":"Posted on April 24, 2025","modified":"Updated on April 25, 2025"},"absolute_dates_time":{"created":"Posted on April 24, 2025 10:13 pm","modified":"Updated on April 25, 2025 2:32 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/comments?post=2507"}],"version-history":[{"count":2,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2507\/revisions"}],"predecessor-version":[{"id":2509,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2507\/revisions\/2509"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/media?parent=2507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}