Introduction

This document addresses the College's approach to the storage, retrieval and disposal of electronic data in order to assure that reliable system operations, along with privacy and security concerns, are appropriately addressed. It does not address the archiving of historically important information.

The College operates a large number of different host computer systems. The backup procedures vary among these systems. A detailed description of all these systems is not represented here.

Backups

System backups are maintained for the recovery of catastrophic system or disk failure. The general strategy is to copy material from one set of disks to another set of disks which are usually on a different computer system. Often these copies are made daily.

In some cases, the all or portions of the disk-to-disk copies are copied to magnetic tape.

Archival backups

Archival backups are copies of materials made at a specific time and kept for some period of time. They are "snapshots" of information at a particular time. The retention interval, if any, varies depending on the requirements for the retention of the contents.

Recovery and retrieval

Since no backup system can be perfect, we cannot absolutely guarantee that your files can be completely recovered in the event of catastrophic disk failure.

In the event of accidental deletion of information, it is sometimes possible to recover individual files from backups. There can be no guarantee that recover is possible. If such a situation occurs, the chance of recovery is best if attempted within 24 hours.

System backup procedures do maintain files on tape. These backups are maintained for system recovery and are not maintained for the recovery of specific information that is accidently removed.

While such recovery is done on occasion (especially for critical College or academic data), it can be time consuming and is not a service that is routinely offered; and it may not be possible, depending on when the information was lost in relation to the backup schedule. There is no obligation to attempt or succeed in any recovery attempt.

It is impossible to selectively delete any file that is already stored on tape.

Backup procedures for specific systems or functions

Email inboxes are backed up to disk on a daily basis. After two to four days these files are written over.

Saved message folders in individual home directories (including email folders other than the inbox), departmental network folders, central application (ERP) systems, and the main College web pages are backed up both to disk and to tape.

The full system tape backups for the personal file/email server (MHC) and for the general fileserver (AMBR) occur about quarterly and are retained for at least a semester and normally for a year. Daily and weekly incremental backups are done between full system backups. Weekly incremental backups are generally retained for 2 months.

Central application systems (ERP Datatel and Lawson) undergo full system backups on a daily basis and data are written to tape. Tape backups of the ERP systems are stored in off-campus locations.

Other application systems such as Student, Human Resources, Financial, Financial Aid, Learning Management, Content Management, eThesis, and various other systems supporting the College are backed up to disk on a daily basis.

Backup disks and tapes that have reached the end of the retention cycle are overwritten with more recent backup information or destroyed.

Backups are made for purposes of restoration in the event of a system failure (to the individual desktop server or to a larger departmental or institutional server). They are not intended to provide ready access to or recovery of individual files or records.

Personal backups

Recovery

Archival backups

Since backups are maintained for the recovery of catastrophic system or disk failure, we do not maintain archival copies of material indefinitely.

For your personal and academic work, it is a good idea to maintain archival backups on your own computer or other personal storage devices. This permits you, for example, to go back in time to view a document as it was at an earlier stage of a project.

In the event of notice of possible litigation

If a written claim or complaint, subpoena, or other formal demand is made against the College for which documentation that could support or refute such a claim exists in the College.s computer system (e.g., emails, written records or financial records), the manager receiving the claim shall notify the Privacy/Security Task Force as to the particulars of the claim immediately. The Task Force will work with appropriate campus officials (e.g., the Director of Human Resources, the Dean of Faculty, the Dean of the College, the Director of Risk Management) to notify those involved that any files associated with the event cannot be destroyed and perform targeted backups of the files of involved parties to assure that they are preserved.

Information that employees or students store on a local computer (e.g., C: drive) or other local media (e.g., CD.s or flash drives) should also be retained and backed up to a secure location on a College server. All paper records are also required to be kept and produced if required by legal action or demand. Employees are prohibited from destroying any data upon notice of a potential claim. Deliberate destruction of identified data is a serious offense, and any person who deliberately destroys identified data will be subject to disciplinary action including termination of employment.

THE Campus Privacy and Security Committee Revised 2010-03-22

Back