Documentation
HECVAT Lite v3.0.6
Data
HLDA-04

Question HLDA-04

Are involatile backup copies made according to predefined schedules and securely stored and protected?

Weight15
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

Ensure that response addresses involatile storage.

Answering "NO"

State how the institution's data is protected from system failures and ransomware.

Answering "YES"

If your strategy uses different processes for services and data, ensure that all strategies are clearly stated and supported.

Reason for Question

Ransomware is a significant and growing threat. Every hosted service should include offline or involitile storage to mitigate this risk.

Follow-Up Inquiries

An institution's use case will drive the requirements for backup strategy. Ensure that the institution's use case and risk tolerance can be met by vendor systems.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]