SaFi Bank Space : (Draft) - Data Backup and Retention Policy

Created by User 7142e, last modified on Jan 24, 2023

This policy shall be reviewed by relevant stakeholders, send feedbacks and shall be approved by relevant Decision Makers and with the Final Approval of the Legal Department for Implementation.

Furthermore please check the latest BSP MORB Guidelines and Requirements to confirm the policies and procedures stated herein.

Introduction: This policy outlines the procedures for creating, storing, and recovering backups of critical data within the organization, including off-site storage and testing of recovery procedures. This policy is intended to ensure the confidentiality, integrity, and availability of critical data by regularly creating and testing backups of that data.

Scope: This policy applies to all employees, contractors, and other individuals who are responsible for the operation and maintenance of IT systems and resources, including but not limited to: servers, databases, applications, and network resources.

Policy:

  1. Data backup:

  • The organization must regularly create backups of critical data.

  • Backups must be made at least daily, and stored off-site in a secure location.

  • Backups must be encrypted to protect the data from unauthorized access.

  • Backups must be tested regularly to ensure that they are complete and can be used for recovery.

  1. Data recovery:

  • The organization must establish procedures for recovering data from backups in the event of data loss or corruption.

  • The organization must test the data recovery procedures regularly to ensure that they are effective.

  • The organization must establish procedures for restoring data from backups in the event of a disaster or other disruption.

  1. Data retention:

  • The organization must retain backups for a minimum of six months for non financial records and 5 years for financial related records or as required by regulatory authorities.

  • The organization must establish procedures for securely disposing of backups that are no longer needed.

Implementation:

  • The IT department is responsible for the implementation and enforcement of this policy.

  • The IT department must establish a process for creating, storing, and recovering backups of critical data.

  • The IT department must conduct regular audits to ensure compliance with this policy.

Enforcement:

  • Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.

  • Any suspected violations of this policy must be reported to the IT department immediately.