POLICIES AND PROCEDURES

Backup and Restoration Procedure

Doc. No.: TOMEI-ISMS-ITD-BACKUP AND RESTORATION PROCEDURE-V1.0

Last Updated By: SJ Liong
Last Updated Date: 18th July 2024
Version: 1.0
Security: Internal Use Only

All information contained in this document is internal use and proprietary.

This document and any material, attachment or information disclosed are made available solely to the recipients authorized by Tomei Gold & Jewellery Holdings (M) Sdn Bhd. on the strict understanding that this document is not to be reproduced, in whole or in part, or shown or in any way disclosed to any third party, without the expressed written consent from Tomei Gold & Jewellery Holdings (M) Sdn Bhd.

Summary

Technological advancements in recent years have provided great advantages by offering diverse tools, software, and platforms that generate operational flexibility. It has also led to some complex challenges: keeping track of massive amounts of data in disparate locations, under various user controls, and accessed via different types of devices both personally and company-owned. Shadow IT has also played a factor in adding to this complexity; data is not always under organizational control, and in some cases the IT department may not even be aware it exists.

To enable business continuity in the event of data loss/corruption, human error, and natural or man-made disasters, the organization must regularly back up all data needed for business operations and ensure the restore processes involved are sound.

Critical elements of a successful data backup policy are based on identifying key staff responsible for administering and maintaining the backup environment (hereafter referred to as the backup team), understanding what should be backed up, when and where it will be backed up, how often it will be backed up, how long backups should be kept, and confirming the success of all those operations.

Purpose

The purpose of this policy is to assist in determining and implementing the backup environment/operations that are appropriate for the organization. It factors in onsite as well as remote and cloud operations and considers issues such as storage capacity, network bandwidth, and access controls to ensure security of data.

Scope

All employees, including full-time, part-time, contract workers, consultants, interns, temporary workers, and other personnel, are covered by this policy. It also applies to all company-owned equipment or material related thereto.

Policy Details

Backup Team Members & Responsibilities

The backup team is responsible for carrying out the elements of this policy. It may consist of the IT department (or select members), third-party vendors, such as cloud providers, or some other group. These individuals have appropriate physical and remote access to systems and backup environments with the proper administrative authority to set options or make changes as needed.

The listing of the Backup Team Members identified (see Appendix A) must always be kept up-to-date.

Data Backup Selections

The entire system of all servers within the organisation including the system’s data will be backup. The backup strategy deployed will be based on the criticality of the system as cover in a later section of this policy. Appendix B details the servers and data being backup as well as the backup strategy. Appendix B must be kept up-to-date at all times.

No backups will be done for files stored locally on desktop computers and laptops provided to employees unless the files are placed in the mounted shared folder connected to the organization File Server. Therefore, employees will be responsible to back up their own the data in their desktop computers and laptops.

Type of Data for Backup and Backup Types

The organisation deploys an “entire” system backup approach instead of just backing up the data within a system. This allows the IT department to restore systems with much greater speed and reliability while at the same time, it also allows for selective data restoration (e.g., certain files or databases) if needed.