Anyone doubt that a critical part of any system of information security measures, and that it must therefore be well planned to meet a company’s needs and reduce the impact of possible security incidents, are copies of backup and restore. The RLOPD defines the backup as a backup of data from a computer file in a bracket that enables its recovery. It also obliges documenting procedures for the recovery of data in files or automated treatments that guarantee its reconstruction both the realization of backup copies. A backup procedure must exist in writing, be accessible and put into knowledge of all those who may affect storing, if necessary, a copy outside the facilities where the systems are. This type of procedure could contain information on: responsible for backup: person in charge of performing backups (if they were made manually) and revise them according to the planning established. This task could outsource to a third party (e.g. computer services company). You will appoint a delegate that will be responsible for backup in the absence of the responsible (and breakfast, casualties, etc).
Both the Manager and the delegate should be clearly identified and locatable in case urgent incidence outside working hours (e.g. mobile phone). Training: Training Plan for both the responsible as to the delegate so that they are familiar with the procedures. Classification of the information. For example according to their importance (critical, important or low), depending on the sensitivity of the personal data (high, medium, low) treaties, etc. This will allow us to consider if the copies must be compressed, protected with passwords, or even encrypted. Nature of the information: analysis of what to copy our systems. What type of information are going to copy? Complete (clone or image), System (records, configuration), applications, databases, documents, etc. Depending on the nature of the information necessary to make decisions such as the type of backup software to use to allow hot backups.