Solved

Company Data Storage Policy & Process

Posted on 2014-03-03
Last Modified: 2014-03-07
We are a K-12 school district and have a small data center where we store all user data. Currently we have 40,000 students and 5,000 staff saving data centrally and we are looking to control this a bit more than we currently are.

Does anyone have an example of a data storage (or something similar) policy detailing what should be stored here, who should access it, how long we will store it, what happens after a particular timeframe and so on?

We are just getting started on our data storage policy and any examples would be most appreciated.

Thank you,
Question by:salkeiz
Accepted Solution

by:
btan earned 380 total points
ID: 39903026
First is to ask what the objective for this storage policy is, e.g. to manage and control the data within the organisation or institution such that there is assurance in the domains of data consistency, security and resiliency. This also aims to facilitate the running of the business and ensure compliance with the state governance and policy stipulated for the institution or organisation. This is a broad scope, but it is mainly to charter the areas from which to derive and establish the clauses that direct the implementation with appropriate baseline requirements.

Second is then to understand the above by dictating the data lifecycle and making sure the policy under the scope sufficiently covers the phases in the whole lifecycle. You can check out this article as a starter: http://www.computerweekly.com/feature/Creating-a-data-storage-policy

A good starting point for a data storage policy is how the data should be stored, ie on-line, near-line, or off-line, as effective archiving can dramatically reduce the size of daily back-ups. In general terms, data that needs to be edited or updated should be stored on-line, that is on devices that are part of the normal storage infrastructure, either directly attached storage, Storage Area Network (SAN), or Network Attached Storage (NAS).

As a guide to developing a data storage policy Butler Group has established five steps. These are:

-Establish a data storage budget
-Assess data availability requirements
-Measure security levels
-Assess legal and governmental requirements
-Implement data policy corporate-wide


Thirdly, it is not simply a "storage" policy only, as the whole data lifecycle in the data center needs to be ascertained and commensurate, based on the data classification and access control required. Below is a sample from "The University of Kansas" stated for their data center, and they list out a couple of related supporting policies to drive the whole governance for the data managed from a guardian and consumer perspective. It may be good to check it out, as without those supporting policies it is hard to come up with a "data storage" policy. Key policies to focus on include:

-Data Classification and Handling Policy
-Data Classification and Handling Procedures Guide
-Information Access Control Policy

http://www.policy.ku.edu/IT/data-center-server-room
 
I would also like to point out their "Safeguard Information in Storage", where handling varies based on classification and sensitivity:

https://policy.drupal.ku.edu/IT/data-classification-handling-procedures#7
Expert Comment

by:btan
ID: 39903051
This is another one, in PDF: Guidelines on Security and Privacy in Public Cloud Computing, which I see as maybe offering useful considerations when reviewing the policy needed.

I know it is "out" of the context, but the content in the guidelines is applicable and generally acceptable since it is general protection of data for any hosting environment, even for a DC. You can catch it below:

"4.10 Summary of Recommendations" - summarizes those issues and related recommendations for organizations to follow when planning, reviewing, negotiating, or initiating a public cloud service outsourcing arrangement.

These include Governance, Compliance, Trust, Architecture, Identity and Access Management, Software Isolation, Data Protection, Availability, Incident Response. And specifically, I summarise it as stated in their guidelines to look at:

-Ownership rights over data
-Locus of organizational data within the cloud environment
-Security and privacy performance visibility
-Service availability and contingency options
-Data backup and recovery
-Incident response coordination and information sharing
-Disaster recovery

It is good to engage other peer schools to see if the Ministry or parent agencies can provide more assistance, as coming up with a policy is not an overnight and siloed effort. It needs to align with the overall organisation and parent mission and goals.