POLICY REF NO: SABP/EXECUTIVE BOARD/0027

NAME OF POLICY

IT Backup and Restore Policy

REASON FOR POLICY

Identifies approach and responsibilities for backup and restore of IT systems and data under Trust ownership and control.

WHAT THE POLICY WILL ACHIEVE: To ensure that the data held on the networked file servers has its integrity and availability retained in supporting business operations; To assist the Trust’s forensic readiness position in protecting the Trust, its staff and users of Trust services through the availability of reliable digital evidence gathered from the networked file servers that are within the scope of this Policy. WHO NEEDS TO KNOW ABOUT IT? IT Department Staff, Information System Owners, Information Asset Administrators, System Owners,, System Administrators, all users of the Trust Data network 05/02/2015 DATE APPROVED VERSION NUMBER

2.0

APPROVING COMMITTEE

Executive Board Policy Assurance Group 05/02/2015 05/02/2018 Associate Director – IT Technical Team Leaders - IT

DATE OF IMPLEMENTATION DATE OF FORMAL REVIEW REVIEWER: RESPONSIBLE DIRECTORATE

Finance All users of Trust data network

DISTRIBUTION

Page 1 of 4

VERSION CONTROL SHEET Version

Status Comments

Date

Author

0.1

Oct 2009

N Rayment

Draft

First draft for comment

0.2

Jan 2010

N Rayment

Draft

1.0

Apr 2010

N Rayment

Final

Incorporation of comments from Information Security Officer For submission to IGSG

1.1

Dec 2011

N Rayment

Final

1.2

Sep 2011

N Rayment

Final

2.0

Dec 2014

N Rayment

Final

Summary of Changes Page /Paragraph/Appendix Number

For directorate approval and submission to Exec Board Updated to reflect move to Mole Business Park and corporate restructure 3 year review and new template

Original / New / Amendment / Deleted – Statement (select the appropriate action)

Page 4 – Section 1 Amended: West area amended to cover Active Directory Page 4 – Section 3 Amended: Oaklands House changed to Mole Business Park Page 5 – Section 4 Roles and Responsibilities section removed as included within the procedure Whole document Transferred to new Policy template format Section 1 – page 3 Amend Oaklands House area to Mole Business Park Amend Ridgewood to Chertsey Section 2 – page 3 Remove Ridgewood Centre from Scope Section 4 – page 3 Amend policies to Records Management Policy and Information Security Policy Section 5.1 – page 4 Remove PDAs/CDs and replace with tablets, Smartphones Section 7 – page 6 Amend Director of IM&T Built Environment to Chief Finance Officer

Page 2 of 4

Policy 1. Policy Statement The Trust network is split between two data centres each with separate responsibility: • •

East (Mole Business Park area) West (Chertsey / Guildford area)

The Trust IT department currently operates a Monday – Friday week-day service excluding Bank Holidays and that is reflected in backups only being carried out at the end of those service days. All Trust networked file servers are currently subject to full backups to magnetic tapes. Those tapes are held in fire safes that are located, as a minimum, in separate fire zones from their associated server rooms. Each server room has a local set of backup procedures and these are subject to periodic review.

2. Scope of Policy This Policy covers the following server rooms and the networked file servers within them: • •

Mole Business Park Farnham Road Hospital

3. Purpose To ensure that the data held on the networked file servers has its integrity and availability retained in supporting business operations To assist the Trust’s forensic readiness position in protecting the Trust, its staff and users of Trust services through the availability of reliable digital evidence gathered from the networked file servers that are within the scope of this Policy.

4. Associated Trust Policies/ Procedure This Policy supports the following Trust Policies • •

Records Management Policy Information Security Policy

Page 3 of 4

6.

Legal and Regulatory Obligations The Trust shall comply with the following legislation and other legislation as appropriate: • • • • • • • • • •

7.

The Data Protection Act (1998) The Data Protection (Processing of Sensitive Personal Data) Order 2000. Access to Health Records Act (1990) The Copyright, Designs and Patents Act (1988) The Computer Misuse Act (1990) The Health and Safety at Work Act (1974) Human Rights Act (1998) Regulation of Investigatory Powers Act 2000 Freedom of Information Act 2000 Health & Social Care Act 2001

Reporting The IT Technical Team Leaders are to routinely report to the Associate Director of IT on operational management and monitoring processes, concerns and issues. The IT Technical Team Leaders will report any information governance or security concerns to the Information Security Manager. Where there are breaches of confidentiality or data loss then the Trust Incident Management Policy is to be followed. The Associate Director of IT will report to the Chief Finance Officer on the adequacy and effectiveness of the operational management and monitoring and any concerns and issues Any relevant information governance or security issues are to be reported to the Information Governance Steering Group (IGSG) and through that channel to the Senior Information Risk Owner (SIRO)

8.

Policy Audit This policy shall be subject to periodic audit by either Internal or External Audit as part of the Trust audit assurance framework.

9.

Policy Review This Policy will be subject to periodic review and after any significant IT infrastructure or relevant regulatory changes.

Page 4 of 4

PROCEDURE REF NO: SABP\EXECUTIVE BOARD\0027 Trust Server Backup Plan and Procedure

NAME OF PROCEDURE

Identifies approach, actions and responsibilities for backup and restore of the IT server environments located at Mole Business Park and Farnham Road Hospital.

REASON FOR PROCEDURE

WHAT THE ACHIEVE:

PROCEDURE

WILLDocuments agreed procedures and processes for ensuring valid backups are taken of the Trusts internal IT server environments Supports business continuity disaster recovery arrangements

and

DATE APPROVED

IT Department Staff; System Owners and Administrators; Information Asset Owners and Administrators 05/02/2015

VERSION NUMBER

1.0

APPROVING COMMITTEE

Executive Board Policy Assurance Group 05/02/2015 05/02/2018 Technical Team Leaders Associate Director IT

WHO NEEDS TO KNOW ABOUT IT?

DATE OF IMPLEMENTATION DATE OF FORMAL REVIEW REVIEWER: RESPONSIBLE DIRECTORATE

Finance

DISTRIBUTION

IT Department Staff; System Owners and Administrators; Information Asset Owners and Administrators

Page 1 of 13

VERSION CONTROL SHEET Version

Date

Author(s)

Status

Comments

0.1

Oct 2010 James Devereux

Draft

First draft for comment and review

1.0

Dec 2010 James Devereux

Final

For ratification Directorate

1.1

Jan 2015 James Devereux

Draft

Three year review

by

Neil Guest

NB. Please note this control sheet is for control purposes and the policy is published as version 1 as first time published. Summary of Changes Page /Paragraph/Appendix Number (select the appropriate action) Entire Document

Original / New / Amendment / Deleted – Statement (select the appropriate action)

Section 5

Amendment – detail of data removed and replaced with reference to network drive where this detail is stored securely Amendment - screen shot updated

Appendix 1

Updated to new procedure template format and sections rearranged to meet with new format. Previous separate procedures have been amalgamated into a single procedure document to cover both server data centre sites

Page 2 of 13

CONTENTS PAGE 1. Introduction

4

2. Roles and Responsibilities

4

3. Agree backup/restore strategies administrators/information asset owners

with

system 5

4. Backup Approach

5

5. Data backups

6

6. Backup Logs

6

7. Backup Monitoring

6

8. Management of backup failure

6

9. File Restoration

7

10. Tape Rotation and Storage

7

11. Disposal of redundant/damaged tapes

7

12. Monitoring of Compliance

8

13. Equality Analysis

8

14. Appendices

13

Page 3 of 13

Procedure 1. Introduction This procedure details the approach, actions and responsibilities for backup and restore of the Trust local IT server environments and systems hosted thereon. 2. Roles & Responsibilities All users of networked file servers • To use those servers and associated shared network drives as the primary storage repository for all electronic documents used in supporting Trust business operations; •

To not routinely hold electronic documents used in supporting Trust business operations on the local hard drives of desktop computers. Where such documentation is held it is to be on a temporary basis, to be copied to the networked file servers at the first available opportunity, and the local hard drive copy deleted after checking that the networked file server copy is accessible and is complete and accurate;

•

To ensure that any portable media storage devices used to hold electronic documents supporting Trust business operations are synchronised to the network file servers on a regular basis to retain data integrity. Data held on these devices should be on a temporary basis, be copied to the networked file servers at the first available opportunity, and the device copy deleted after checking that the networked file server copy is accessible and is complete and accurate. Portable media storage devices include laptops, tablets, smartphones, DVD’s and USB memory sticks.

System Administrators/Information Asset Administrators • Where systems are being held on the networked file servers, to liaise with the IT Technical Team Leaders to agree a backup/restore strategy for that system and its review; •

Where the system is classed as a significant system to liaise with the Information Asset Owner to ensure the backup/restore strategy is adequate.

IT Technical Team Leaders Using the relevant local procedures to operationally manage and monitor the service processes: •

Setting backup schedules for existing and new systems Page 4 of 13

•

Changing backup tapes

•

Storing the backup tapes

•

Checking backups have been successful

•

Managing a backup failure

•

Maintaining the backup log

•

Cleaning of tape drives

•

Retention of backup tapes

•

Restoration of files

•

Secure disposal of tapes

•

Liaise with system administrators, information asset administrators on agreeing and reviewing backup and restore strategies

Associate Director of IT • To have line management responsibility for this procedure •

To have operational directorate responsibility for the adequacy and effectiveness of the backup/restore strategies.

Information Security Manager • To provide support and advice on information governance and information security over the policy, supporting procedures and backup/restore strategies 3. Agree backup/restore strategies with system administrators / information asset administrators Liaise with the system administrator/information asset administrator, agree the backup/restore strategy, record it and establish if it is viable given IT technical resource capacity and capability. Once confirmed/modified and agreed, use it to base the backup/restore tasks on. This will include deputising arrangements for cover in the event of staff absence (both planned and unplanned). 4. Back Up Approach The backup approach is via a central backup facility running Microsoft DPM (Data Protection Manager), which runs a dual approach for short term and long term retention. Short term retention is on disk, located in the same rack as the servers, and long term retention is on to tape. Tapes are moved offsite: Page 5 of 13

o On a weekly basis at Farnham Road Hospital to Ridgewood Site o On a monthly basis at Mole Business Park to West Park Hospital Site 5. Data Backed Up Active protection groups, Servers covered and Data backed up for every server in the Trust local IT server farms are listed in the SABP Systems Documentation and Serial Numbers spreadsheet located in the IT shared drive subfolder: \Technical Support\Admin\AD Master System Information. This spreadsheet is password protected and accessible only to Technical Team Leaders and Senior IT Support Engineers. This spreadsheet is updated each time a new server is implemented, old server decommissioned or any changes made to the backup procedure for any server. 6. Backup Logs All logs are created electronically by the backup software. 7. Back Up Monitoring DPM automatically emails the selected users in the IT Technical team advising of issues and errors when they happen. A Tape Management Report is automatically emailed to selected Technical team members: o For Farnham Road Hospital every Monday at 6:00hrs. o For Mole Business Park every day at 12:00hrs This report advises what tapes are required to be moved offsite and which tapes can be returned to the DPM server. (See examples at Appendix 1) 8. Management of Backup Failure In the event of an unsuccessful backup selected IT Technical team members will receive email notification. They must immediately: • Investigate the back up on the DPM Server, checking logs, and resolve the problem. • Advise external support of the failure if required. Other possible actions, depending on the circumstances and subject to agreement with the Technical Team Leader are: • Clean the tape drive using the manufacturer’s recommended cleaning cartridge • Check the age of the tape used. Destroy tape and replace if near or over its age limit Page 6 of 13

• If the backup fails repeatedly, it may be necessary to perform a manual backup. This takes time, and must be performed when all users are logged out. 9. File Restorations • To request a restoration of file, a user must firstly log a request with the IT Service Desk • Each file is restored to its original location and then checked by the user 10. Tape Rotation and storage Farnham Road Hospital: All off site tapes are stored at the Ridgewood Centre in a fireproof safe in ‘A’ wing. Mole Business Park: Weekly tapes are stored at 18 Mole Business Park in a fireproof safe located in the IT store room in the basement, this is a separate fire zone from the IT server room. Monthly and yearly tapes are stored at Ramsey House, West Park Hospital in a fireproof safe in the main IT communications room. 11. Disposal of redundant/damaged tapes Authorisation for the destruction of IT media must be obtained from the IT Technical Team Leader/System Administrator. The responsibility for the disposal of hard disks, tapes, microfiche etc lies with the system administrator. In all cases, the disposal must be logged in order to maintain an audit trail. Media must be stored or disposed of securely and safely when no longer required. This will prevent third parties fully or partially extracting data from the media that has been disposed of.

Page 7 of 13

12. Monitoring of Compliance What will be monitored Ability to recover files from backup

How/Method Frequency Audit Service Bi-annually Desk requests for file/system restores

Ability to recover Full Disaster Annually system from backup Recovery test

Lead

Reporting to

Technical Team Leaders

Associate Director of IT

Technical Team Leaders

Associate Director of IT

Deficiencies / gaps recommendations and actions Corrective actions to be identified and an action plan to address deficiencies put in place Corrective actions to be identified and an action plan to address deficiencies put in place

13. Equality Analysis The equality analysis guidance notes and template are provided to support you in meeting the requirements of the Public Sector Equality Duty which came into force on 5 April 2011. You should use this template to record evidence that equality analysis has been carried out before policy decisions take place. The form is a written record that demonstrates that you have shown due regard to the need to eliminate unlawful discrimination, advance equality of opportunity and foster good relations with respect to the characteristics protected by equality law.

13.1. About the policy/project/change Title of the policy / project / change:

Farnham Road Hospital AD Area Server Backup Plan and Procedure

What are the intended outcomes / Identifies approach, actions and changes expected as a result of this responsibilities for backup and restore of policy / project / change: the IT server environment at Farnham Road Hospital Are there links with policies/projects: (if yes – provide details)

other

existing IT Backup and Restore Policy

13.2. Decide if the policy / project / change is equality relevant Does

the

policy/project

involve,

or

have Provides assurance for people Page 8 of 13

consequences for people using services, carers, who use our services, carers, employees or other people? If yes, please state the staff and other organisations. groups of people who are likely to be affected. If yes, then the policy/project is equality relevant. If no, you can skip to section 6. However the majority of Trust policies and projects are equality relevant because they affect people in some way.

13.3. Gathering evidence to inform the equality analysis What evidence have you gathered to help inform this analysis? This can include evidence from national research, surveys & reports, interviews and focus groups, policy monitoring and evaluations from pilot projects, etc. If there are gaps in the evidence available under any of the characteristics, please explain why this is the case and state what actions will be taken to close the gaps as part of the action plan. Please ensure you check Annex C of the guidance notes for sources of evidence. The Protected Characteristics & Evidence Using the relevant available evidence - what is known, understood or assumed about each of the equality groups / protected characteristics identified below that could be relevant to this policy / project / change. Record the sources of the evidence used for all the protected characteristics Existing Legislation & regulatory documentation and existing Trust Policies, Guidance & Procedures 13.4. Engagement and Involvement Record the names of the people and/or groups involved in gathering evidence and/or testing the evidence against the policy / project / change. Who and how were they involved? Who – name of individual / group(s) How have these people been involved – represented e.g. meeting Nicki Rayment IT

Meeting

Ann Stevenson Quality Assurance Sharon Gourlay Information Governance

13.5. Analysis of the potential impact of the policy / project / change Based on the evidence you have gathered; describe any actual or likely impacts that may arise as a result of the decision and whether these are likely to be positive or negative. Where actual or likely impacts are identified, you should also state what actions will be taken to promote the likelihood of positive impacts as well as minimise Page 9 of 13

or mitigate against possible or likely negative impacts, i.e. what can the Trust reasonably do to actively manage the consequences of its decision / action Eliminate discrimination, harassment and victimisation: Does the policy / project / change, help eliminate discrimination, harassment and victimisation in any way? If yes, provide details. If no, provide reasons Age No evidence that this procedure will negatively affect people with this PC Caring responsibilities No evidence that this procedure will negatively affect people with this PC Disability No evidence that this procedure will negatively affect people with this PC Gender reassignment No evidence that this procedure will negatively affect people with this PC Marriage & civil No evidence that this procedure will negatively affect partnerships people with this PC Pregnancy & maternity No evidence that this procedure will negatively affect people with this PC Race / ethnicity No evidence that this procedure will negatively affect people with this PC Religion or belief No evidence that this procedure will negatively affect people with this PC Sex / gender No evidence that this procedure will negatively affect people with this PC Sexual Orientation No evidence that this procedure will negatively affect people with this PC Advance equality of opportunity: Does the policy / project / change, help develop equality of opportunity in any way? This could include removing or minimising disadvantages suffered by people due to their protected characteristics, taking steps to meet the needs of people from protected groups where these are different from the needs of other people, or encouraging people from protected groups to participate in activities where their participation is disproportionately low. If yes, provide details. If no, provide reasons Age Caring responsibilities Disability Gender reassignment

This procedure will enhance the opportunity different groups as it is applied equally This procedure will enhance the opportunity different groups as it is applied equally This procedure will enhance the opportunity different groups as it is applied equally This procedure will enhance the opportunity different groups as it is applied equally

between between between between

Page 10 of 13

Pregnancy & maternity Race / ethnicity Religion or belief Sex / gender Sexual Orientation

This procedure will enhance the opportunity different groups as it is applied equally This procedure will enhance the opportunity different groups as it is applied equally This procedure will enhance the opportunity different groups as it is applied equally This procedure will enhance the opportunity different groups as it is applied equally This procedure will enhance the opportunity different groups as it is applied equally

between between between between between

Promote good relations between different groups: Does the policy / project / change, help foster good or improved relations between different groups in any way? If yes, provide details. If no, provide reasons. Age This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Caring responsibilities This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Disability This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Gender reassignment This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Pregnancy & maternity This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Race / ethnicity This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Religion or belief This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Sex / gender This procedure will help foster good relationships between different groups as it does not negatively affect a particular group Sexual Orientation This procedure will help foster good relationships between different groups as it does not negatively affect a particular group What do you consider the overall impact: Considering the combined impact of the analysis and the actions required to promote Page 11 of 13

the likelihood of positive impacts and minimise or mitigate against potential negative outcomes – does the analysis support the implementation of the policy / project / change?

13.6. Action Planning Actions to be taken as a result of this analysis Name of person Date action (add additional rows as required): who will take this due to be action completed No actions highlighted

13.7. Authorisation Name & job title of person completing this Nicki Rayment – Associate Director IT analysis: Date of completion:

3rd November 2014

Name & job title of person responsible for Nicki Rayment – Associate Director IT monitoring and reporting on the implementation of the actions arising from this analysis: Name & job title of authorised person: Nicki Rayment – Associate Director IT (If there are doubts about the completeness or sufficiency of this equality analysis, seek advice from the Equality and Human Rights Team or the Legal Services & Reporting Manager in the Clinical Risk & Safety Team) Date of authorisation:

3rd November 2014

Page 12 of 13

14. Appendices Appendix 1 – Example Tape Management Report

Page 13 of 13