Question DATA-12

Are involatile backup copies made according to predefined schedules and securely stored and protected?

Standard Guidance

Ensure that response addresses involatile storage and lists retention periods.

Answering "NO"

State how the institution's data is protected from system failures and ransomware.

Answering "YES"

If your strategy uses different processes for services and data, ensure that all strategies are clearly stated and supported.

Reason for Question

Restricting system updates to a standard maintenance timeframe is important for ensuring that changes to production systems do not impact operations. It’s also important for troubleshooting any problems that may occur as a result of the changes. Availability is the focus of this question.

Follow-Up Inquiries

An institution's use case will drive the requirements for backup strategy. Ensure that the institution's use case and risk tolerance can be met by vendor systems.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]