Log the execution of each backup.


CONTROL ID
00956
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Perform backup procedures for in scope systems., CC ID: 11692

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The process of backing up data is monitored by means of technical and organisational safeguards. Malfunctions are examined and eliminated promptly by qualified employees in order to ensure compliance with the contractual duties towards the cloud customers or the cloud provider's business requirements… (Section 5.6 RB-07 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Does the organization have a process for retrieving a backup file that is inadvertently deleted? (Table Row II.14, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • A log of the backup testing should be kept and should include the date of the test and the results, along with a record of how any errors are corrected. (¶ 19.6 Bullet 5, Good Practices For Computerized systems In Regulated GXP Environments)
  • The control system shall provide the capability to generate audit records relevant to security for the following categories: access control, request errors, operating system events, control system events, backup and restore events, configuration changes, potential reconnaissance activity and audit l… (6.10.1 ¶ 1, IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • backup and restore event; (6.10.1 ¶ 1 d), IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • Back-ups should be recorded in a log (or equivalent), which includes details about data backed up, the date and time of the back-up, the back-up media used and its physical location. (CF.07.05.03c, The Standard of Good Practice for Information Security)
  • Back-ups should be recorded in a log (or equivalent), which includes details about data backed up, the date and time of the back-up, the back-up media used and its physical location. (CF.07.05.03b, The Standard of Good Practice for Information Security, 2013)
  • Back up systems ought to include a regular backup schedule, multiple copies on a variety of media, dispersed storage locations for the backup copies, and provision for both routine and urgent access to backup copies. (§ 4.3.7.3(a), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Implement appropriate backups and sufficient documentation and retention periods for each iteration of data backup. (App A Objective 6:3b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)