Effective: 10-07-21
Supersedes: NA
Introduction:
To meet business objectives and ensure continuity of its mission critical operations, the Information Technology Department follows well-defined plans and procedures to ensure timely and reliable backup of its critical IT assets. This policy reiterates the commitment of Brewster towards delivering the fastest transition and highest quality of services through the backup arrangement designed to minimize any down-time or loss of data.
The purpose of this policy is to provide means to restore the integrity of the computer systems in the event of a hardware/software failure or physical disaster; and provide a measure of protection against human error or the inadvertent deletion of important files.
Policy:
All company computer systems maintained by the IT Department are backed up on a regular schedule. These systems are not necessarily limited to servers. Servers expected to be backed up include the file server, the mail server, and the web server. The backup media will be stored with sufficient protection and proper environmental conditions. The off-site location can include “cloud” computer storage. The systems backups will consist of regular (full) and incremental backups, depending on size.
Backup copies of operating systems and other critical information system software shall not be stored in the same location as the operational software.
Backups must be periodically tested to ensure that they are recoverable. To confirm media reliability and information integrity, the back-up information shall be tested at some specified frequency
Procedure:
Mission Critical Virtual machines are backed up with StorageCraft images, incremental and full (schedule varies based on system). Typical setup for production servers is rolling seven (7) days of incremental backups every two (2) hours, fifteen (15) days of Daily image backups, ninety (90) days of consolidated Weekly image backups, and twelve (12) months of monthly image backups.
SQL servers have a full SQL backup nightly, as well as T Log backups performed every fifteen (15) minutes for all mission critical databases. Also the RCSQL Database (CAD System) is replicated in near real-time to a secondary server to act as a disaster recovery component as well as taking the brunt of the reporting/analytic processing off of the production system.
Disaster Recovery
If the failed machine is a Virtual machine we will restore the most recent image backup of the system, if it is a total loss, or restore affected files if that is all that is required. Physical SQL servers will be migrated to a new VM host (replicated SQL server in the event of our main production SQL Server) will be brought online with the most recent SQL Database backups to remain operational until the physical server is brought back to a repaired/operational status.
Patching
All workstations have Windows published patched installed weekly using our approved, HIPAA Compliant Remote Management Platform. If a machine is offline while the patching is scheduled, the next time that machine is online it will be patched. Our Third-Party software patching that is supported in our approved, HIPAA Compliant Remote Management Platform, is also patched weekly, and again if a machine is offline during the patching time, it will happen next time the device checks in.