Question HLDA-04
Are involatile backup copies made according to predefined schedules and securely stored and protected?
| Weight | 15 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
Ensure that response addresses involatile storage.
Answering "NO"
State how the institution's data is protected from system failures and ransomware.
Answering "YES"
If your strategy uses different processes for services and data, ensure that all strategies are clearly stated and supported.
Reason for Question
Ransomware is a significant and growing threat. Every hosted service should include offline or involitile storage to mitigate this risk.
Follow-Up Inquiries
An institution's use case will drive the requirements for backup strategy. Ensure that the institution's use case and risk tolerance can be met by vendor systems.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]