Sample Security Protocols for Backup Files, Shares, and Repositories

  • All backups containing PII (Personally Identifiable Information) or PHI (Protected Health Information) must be encrypted. If possible, they must be encrypted before being transferred over the network (including dedicated backup VLANs).
    • Examples of the types of information this covers:
      • Email addresses,
      • Phone numbers,
      • Names,
      • Birth dates,
      • Religious beliefs,
      • Physical addresses,
      • Any other information that can identify, locate, or contact a specific individual.
  • All backups containing any kind of password must be encrypted. If possible, they must be encrypted before being transferred over the network.
  • All backups containing any kind of confidential business information must be encrypted. If possible, they must be encrypted before being transferred over the network.
  • All network shares and repositories containing backup files must have file screens applied that block every file type other than the backups' own file type from being written to them.
  • All network shares and repositories containing backup files must have read/write permissions granted only to the backup admin domain account used for the corresponding backups.
  • All backups must have versions stored offline at all times.

Last modified: 2019/03/15 15:24 by ericclaus