ITS Backup Retention Standards

These standards were approved for posting at the 1/12/12 meeting of the UCSC IT Security Committee.

I. Purpose:

The purpose of these standards is to

  • Clarify responsibility for establishing retention periods for backups;
  • Establish a default retention period for ITS-managed backups;
  • Establish a process for determining actual retention requirements for backups.

II. Scope:
These standards apply to ITS-managed backups. They are not intended to replace other records retention obligations or schedules, which must be addressed separately.

III. Principles:

  • System Stewards/Record Proprietors identify retention requirements for backups based on established retention schedules, advice from the campus Records Management Coordinator, and informed by business need, law, regulations, University policy, and/or financial or technical constraints.
  • ITS shall implement backup retention periods as communicated by System Stewards/Record Proprietors.
  • Retention periods other than the default shall be documented in a Service Level Agreement (SLA) and/or Operational Level Agreement (OLA), or for projects, the project plan.

IV. Definitions: 

  • The following terms used in these standards are defined in the ITS Service Management Toolkit.
    • Operational Level Agreement (OLA)
    • Service Level Agreement (SLA)

V. General Standards:

  • ITS' default retention for backups is 30 days.
  • The default retention period may be shortened or lengthened according to business need, law, regulations, University policy, financial or technical constraints (see Principles, above). There may be financial or other implications for retention periods greater than the default.
  • ITS shall securely delete, destroy or overwrite backups when the retention period expires.
  • File recovery and archiving are not part of backup services, and must be requested separately. These services may be provided based on business need and may affect the retention period. Additional costs for these services may apply.

VI. Responsibilities:

a. System Stewards/Record Proprietors

  • Understand the retention requirements for data based on systemwide or local retention schedules or advice from the campus Records Management Coordinator, and identify corresponding retention requirements for backups
  • Communicate retention requirements for backups to the ITS Backup Service Provider
  • Ensure that retention periods other than the default are documented in SLAs and/or OLAs, or for projects, the project plan

b. ITS Backup Service Providers

  • Implement retention periods communicated by System Stewards/Record Proprietors
  • Ensure that retention periods other than the default are documented in SLAs and/or OLAs, or for projects, the project plan
  • Inform System Stewards/Record Proprietors about implications of retention periods greater or less than the default, including cost

V. Getting Help:

For questions about these standards, contact the ITS Support Center at itrequest.ucsc.eduhelp@ucsc.edu, 459-HELP, or in person M-F 8AM-5PM, 54 Kerr Hall

Rev. 10/27/11