All critical backup media, documentation and other IT resources needed for IT recovery, and business continuity plans are stored offsite. The content of backup storage is determined after collaboration between business process owners and IT personnel.
Management at the offsite storage facility acts on the basis of data classification policy and the enterprise’s media storage practices. IT management ensures that offsite arrangements are periodically assessed, at least annually, for content, environmental protection and security.
Compatibility of hardware and software for restoring archived data is ensured, and archived data is periodically tested and refreshed.
Specification
Data critical to the operation of the IT service is periodically stored on offline backups.
Offline backups are kept in secure locations and procedures are in place for restoring and (re-)moving them.
Offline backups are kept geographically separated from the IT source of the backup.
All data necessary to continue operation of a service in case of an incident is in accordance with the agreed RTO and RPO. This also includes a test that successful restoration is possible.
ISO 27001 & 27002:2022
A8.13
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
BC.03 Offsite backup storage