This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
wiki:policies:infosec [2023/02/20 15:32] katcow |
wiki:policies:infosec [2023/08/30 15:17] katcow |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Information Security | + | ====== Information Security |
===== Information Security Organization ===== | ===== Information Security Organization ===== | ||
Line 43: | Line 43: | ||
==== Data Protection Officer (DPO) ==== | ==== Data Protection Officer (DPO) ==== | ||
- | The DPO, responsible for approving data processing projects, | + | The DPO, responsible for approving data processing projects, |
+ | |||
+ | **DPO Email: | ||
==== Data Protection Impact Analysis Plan ==== | ==== Data Protection Impact Analysis Plan ==== | ||
Line 57: | Line 59: | ||
- **Scope of the processing: | - **Scope of the processing: | ||
- **Context of the processing: | - **Context of the processing: | ||
- | - **Purpose of the processing: | + | - **Purpose of the processing: |
- **Consultation Process** | - **Consultation Process** | ||
- describe when and how you will seek individuals’ views – or justify why it’s not appropriate to do so. Who else do you need to involve within your organization? | - describe when and how you will seek individuals’ views – or justify why it’s not appropriate to do so. Who else do you need to involve within your organization? | ||
Line 103: | Line 105: | ||
Remote workers are responsible for ensuring that their remote systems are backed up on a periodic basis. | Remote workers are responsible for ensuring that their remote systems are backed up on a periodic basis. | ||
- | * It is recommended that all personal computers be backed up. Copies of the personal computer files should be uploaded to the Nested Knowledge | + | * It is recommended that all personal computers be backed up. Copies of the personal computer files should be uploaded to the Nested Knowledge |
=== Backup Strategies === | === Backup Strategies === | ||
Line 110: | Line 112: | ||
* Automated backup functions within software packages should be used where applicable. | * Automated backup functions within software packages should be used where applicable. | ||
* When a computer equipment is changed, consideration should be given to the backup media and data formats to ensure that they can still be restored. | * When a computer equipment is changed, consideration should be given to the backup media and data formats to ensure that they can still be restored. | ||
- | * The database | + | |
+ | === Database Back Ups === | ||
+ | |||
+ | Backups are generated as database | ||
+ | |||
+ | In addition to backups on our main cloud provider (AWS), we generate & store backups on a separate | ||
=== Restoration === | === Restoration === | ||
Line 119: | Line 126: | ||
* Backups are manually compared for validity against existing projects | * Backups are manually compared for validity against existing projects | ||
* Evidence of success backup is maintained internally, including time of test, verifiers, screenshots of successful staging deployment, and notes on any issues & remediations. | * Evidence of success backup is maintained internally, including time of test, verifiers, screenshots of successful staging deployment, and notes on any issues & remediations. | ||
+ | |||
+ | **Testing** | ||
+ | |||
+ | Backup and restore procedures must be tested at least annually. Issues with backups identified should be documented and remediated. | ||
===== Revision History ===== | ===== Revision History ===== | ||
Line 124: | Line 135: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
|K. Cowie|11/ | |K. Cowie|11/ | ||
- | |K. Holub|02/09/2023|Tracking restoration history| | + | |K. Holub|05/26/2023|Off provider database back ups| |
|K. Kallmes|11/ | |K. Kallmes|11/ | ||
|P. Olaniran|11/ | |P. Olaniran|11/ |