Purpose - The UTSA Backup/Data Recovery Standard establishes the rules for the backup, storage and recovery of electronic university information.

Audience - The UTSA Backup/Data Recovery Standard applies to all individuals within the UTSA enterprise who are responsible for the installation and support of information resources, individuals charged with information resources security and data owners.

Services – The Office of Information Technology (OIT) has existing arrangements for off-site backup data storage. These services can be extended to all UTSA entities upon request. OIT will maintain a list of all departmental systems and their backup arrangements.

1. The frequency and extent of backups must increase as the importance of the information and the risk of loss, as determined by the data owner, increase.

2. The UTSA Information Resources backup and recovery process for each system must be documented and periodically reviewed by the system owner.

3. Physical-access controls implemented at off-site backup storage locations must meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest UTSA sensitivity level.

4. A process must be implemented to verify the operability of the UTSA electronic information backup, including periodic testing, to ensure that backups are recoverable.

5. Signature cards held by the off-site backup storage vendor(s) for access to UTSA backup media must be reviewed annually or when an authorized individual leaves UTSA.

6. Procedures involving UTSA and the off-site backup storage vendor(s), if any, must be reviewed at least annually.

7. Backup tapes must have, at a minimum, the following identifying markers that can be readily displayed by labels and/or a bar-coding system:

   1. System name

   2. Creation date

   3. Sensitivity Classification (Based on applicable electronic record retention regulations)

   4. UTSA contact information.