This section discusses the need for organizations to establish a issue-specific backup policy for data security and retention. The policy should consider business requirements, security requirements, and criticality of information when developing plans for backing up information, software, and systems. The backup plan should include procedures for producing accurate records and restoration guidelines, testing backup media regularly, keeping backups within secure remote locations, protecting backups with encryption, and monitoring the backups in real time. In addition, organizations should regularly test backup actions in individual systems and services so that they meet response and continuity plans. Finally, the section highlights the need for cloud service backup copies and deleting data in within storage media after retention periods expire.
Conformance1
Tools for conforming to standards, goals and processes
