SD60 Data Backup Requirements

This requirement has been created in response to an IT General Controls Audit conducted in the fall of 2018. Technology Services has had a robust backup strategy over the past several years. This Requirement provides written documentation of the strategy already in place.

Requirement

Technology Services will back up Server and Data with the following requirements:
• Local Server Machine Backup – Complete machine backup for restore and recovery purposes
• On-site and Off-site DATA backup for retrieval and recovery purposes (student DATA is not backed up offsite)
• Retention to be outlined by Secretary-Treasurer / School Board
• Scheduling and notification provided by the dedicated applications will be used
• Periodic restore and Data integrity checks to be performed

Purpose

The purpose is to outline which Data is backed up as defined in Local copy and Offsite copy.

Scope

This requirement will impact all virtual and physical File servers, Web server and Database servers as well as virtual dedicated appliances.

Data centre Virtual machines will have a full system Veeam Backup created and stored locally as well as an offsite copy for Archive and recovery purposes.

Selected Virtual Machines will have their Data volumes and/or Databases backed up offsite to a central remote server for archival and recovery purposes. Data Only.

Local site servers, non-virtual machines, will have a local backup of the machine for recovery purposes. All Data will be backed up.

Local site servers will have an offsite copy, of the data volume only, saved to a central remote server for archive and recovery purposes. No Student data will be backed up.

Roles & Responsibilities

Retention Policy and archival data schedule to be outlined by the Secretary-Treasurer and School Board.

LAN Technicians are responsible for the monitoring of their local site full system backups and recovery or restore of Local DATA, including student Data.

IT Manager and WAN are responsible for Data Centre Virtual Machine backups, restores, and offsite DATA backups and restores.

LAN Technicians are responsible for periodically verifying the ability to recover Site Servers and Data files under a simulated environment and conditions.

IT Manager and WAN are to periodically verify the ability to recover VMs and/or offsite Data file recovery under a simulated environment and conditions.

Requirement Owner

Technology Services – IT Manager

History

Enacted: January 22, 2019
First Draft: December 18, 2018.

Enforcement

Enforcement will be handled through settings in Windows Server Backup, Veeam Backup and Recovery, and, for DATA only, Backup Assist. Email Verifications will be used for monitoring backup verification completion. Scheduled simulated recoveries will be determined.

Staff Password Requirements

Requirement 

Technology Services will require strong passwords and enable security restrictions for Active Directory (District Wide Login) resources with the following minimum requirements:

  • Minimum number of characters (to be shared directly to staff)
  • Complexity requirements (to be shared directly to staff)
  • Maximum Password Age (to be shared directly to staff)
  • Enforce Password History (to be shared directly to staff)
  • Account Lockout after numerous invalid attempts

For help with changing your password please see http://bit.ly/60chgpass

Purpose

Password settings are to be used to set minimum requirements for strong passwords. The purpose of strong passwords is to protect organizational and student information.

Scope

This requirement will impact all staff Active Directory accounts.

Roles & Responsibilities

All staff are required to protect organizational and student information.

Requirement Owner

Technology Services

History

Enacted February 20, 2019
3rd Draft: January 22, 2019 – changed some details to “to be shared directly with staff”
2nd Draft: December 4, 2018 – changed policy to requirement
First Draft: December 3, 2018.

Enforcement

Enforcement will be handled through settings in Active Directory.

Granting Access Rights Requirement

Requirement: Granting account access rights to a service that is managed by Technology Services must be requested in writing via Work Order by the Manager responsible or their secretary on their behalf (except where the rights are for the secretary, in which case the manager should submit the WO).

Purpose: Provide appropriate rights granted by a manager to a staff member to services needed for employment.

Rationale: This requirement is in response to feedback from an IT General Controls Audit. Requests for rights are to be done in writing by someone with the authority to approve them rather than verbally.

Scope

Examples where a Work Order will be required:

  • New payroll staff member needs access to accounting system.
  • New teacher needs access to MyEd / Assess. A Work Order is required along with the confidentiality agreement (as per current practice).
  • A new LA requires school-wide access to Assess.
  • A staff member needs rights to manage a school or district web page.
  • Irregular on-boarding of a staff member due to exigent circumstances.
  • Specialty rights or access to network folders.

Examples of where a Work Order is not required:

  • Regular on-boarding of new staff. Process with HR and TS continues as before.

Roles & Responsibilities

Managers must request rights in writing.

Wide Area Network Specialist or other TS staff creating accounts must require written account rights requests.

Requirement Owner

Technology Services – Director

History

Enacted December 22, 2018.

Enforcement

Staff Training and Audit.

End of HUP

The Home Use Program for Microsoft Office expired in March of 2018. The newest version would require a significant amount of upfront and ongoing additional work and cost for Technology Services that we are not prepared to take on at this time. As such, the Home Use Program will not be available for the foreseeable future.

Encrypted Drives Requirement

Requirement

District computers and external storage (backup drives) should have encrypted drives. Recovery keys will be stored in the Asset’s information in Helpdesk in the encryption key field or the notes field.

Purpose

Data Security in the event of asset theft.

Scope

All computers and external storage.

Roles & Responsibilities

Technicians are responsible for ensuring that new devices are using encrypted drives.

Owner

IT Manager

History

Updated: December 6, 2018 – formatting
Created: February 8, 2018

Enforcement

Technology Services staff education and training