Backup Policy

Making regular and comprehensive back-ups of data is the only good assurance against an infection or an attack that would corrupt the production data or render it inaccessible.

Regular back-ups consist of making a copy of all the important data on a (non-)physical carrier, which is different from that on which the data was generated. The best way to start is to have a policy in place for end-users which explains where critical data needs to be stored (for example on a specific share, location, etc.).

Define how often backups for each type of data should be performed, what media they should be stored on and how long you will keep the backup.


Your backup policy should also have provisions for encryption, offsite or cloud backup storage and recovery and who is authorized to request retrieving your backups.


Define the frequency and type of back-up for each category of data in the company (public vs corporate vs personal data)