Recent headlines concerning serious data loss and mishandling. NHS, RAF etc in last couple of weeks. Serious consequences under DPA. Government now responding with recent report on data handling procedures, and Becta has set out more specific guidance for schools The iStor service addresses all of these concerns and ensures school backup procedures comply with Data Protection Act, any relevant LA/LEA rules and Becta guidance
Accordingly it is vital that schools have a robust backup and disaster recovery strategy in place which can allow them to store and recover their data efficiently and securely at any time. This will keep school downtime to a minimum and avoid unnecessary disruption to administrators and teachers.
This is a list of threats to data set out by Becta in the same Technical Specifications document. All these scenarios could lead to a significant data loss for any school which could severely inhibit its ability to continue teaching. The threats are greater that ever before: floods (eg. Gloucestershire schools losing data as a result of 2007 floods), fires (according to Government statistics, over 1300 schools in the UK suffer fires which are large enough to be attended by the local fire service), theft (over 30 schools in Cheshire reported burglaries in the first 3 months of 2009), IT threats (software/system failure, malware, viruses etc), human error .
……… so schools need a robust and efficient backup system to keep their data secure…. … . Now I will give a brief outline of how iStorPro works….
Data Centres are located in Manchester and in South East to ensure disaster recovery.
At end of slide….So why is all of this so important…??? Now going to look at Becta’s requirements and how iStorPro meets and exceeds these requirements… … . And then the legal implications of an inadequate backup system.
… .Failure to implement an effective backup and disaster recovery strategy can result in damaging losses of data causing schools to waste time and resources as their staff have to redo all their work…. … . But there could also be severe legal consequences for schools which fail to backup their data securely….
We are now looking at how data protection laws apply to data backup and the implications of getting it wrong!!
Since November 2007, the ICO has dealt with more than 500 incidents involving local authorities and charities. In schools, Headteachers, Office Managers, IT Managers (and anyone else with responsibility for backup) could face sanctions. Schools and schools alone are responsible for their data…. As you can see, it also results in damaging PR/reputational damage for the organisation and individual.
An Enterprise Storage Group report cited a 60% failure rate for traditional tape media…. But many schools lack the time, expertise or inclination to test their backup systems. Other schools keep their backup tapes onsite – so if a school suffered a fire, flood or theft, all of their data would be lost. Once any file deletions/corruptions are backed up onto tape, there is no way of retrieving files as they were prior to deletion/corruption. Very likely that backup tapes and other media are in breach of Principle 7 because of the lack of protection/security/encryption. NB: some schools will have an offsite backup by the office manager putting the backup tape (unencrypted) in their bag and going home with it(!!) This is clearly inappropriate and almost certainly illegal and could attract criminal sanctions. … as in Leicestershire Nursery case.
I Stor School Backup Solutions Presentation Full
The ultimate backup solution for your school iStorPro Backup Solutions
Introduction <ul><li>ICT systems and data are critical to the management and operation of every school </li></ul><ul><li>Backup and Disaster Recovery are the most important functions of any ICT system </li></ul><ul><li>Schools face serious practical and legal consequences if they lose data </li></ul><ul><li>iStorPro is a fully managed data backup and disaster recovery service designed for schools </li></ul><ul><li>This presentation will consider: </li></ul><ul><ul><li>The Importance of Backup, </li></ul></ul><ul><ul><li>iStorPro – How it Works </li></ul></ul><ul><ul><li>Becta’s Technical Specifications for School Backup Systems, </li></ul></ul><ul><ul><li>Legal Considerations </li></ul></ul><ul><ul><li>Summary </li></ul></ul>
The Importance of Backup & Disaster Recovery for Schools In its recent “ Technical Specification – Institutional Infrastructure ” document, Becta states: “ There are many reasons why data backup is a crucial requirement for every institution…. … Institutions depend on their computer systems more than ever…. … Loss of data is therefore more expensive than ever in terms of lost educational and administrative work and downtime. ”
The Importance of Backup & Disaster Recovery for Schools <ul><li>Users inadvertently delete files or overwrite existing files. </li></ul><ul><li>External threats or disgruntled learners or educators may delete or overwrite files intentionally. </li></ul><ul><li>Disk drives fail and lose all of the data they hold. </li></ul><ul><li>Files become corrupted by bad disk sectors, magnetic fields and improper system shutdown. </li></ul><ul><li>Disasters, such as flooding or fire, can affect buildings and the systems they contain and, although uncommon, must be planned for. </li></ul><ul><li>Beyond the traditional threats, new threats to today’s systems include viruses and worms. </li></ul>
The Importance of Backup & Disaster Recovery for Schools <ul><li>A wide array of modern threats can compromise a school’s ICT system and cause a significant loss of data </li></ul><ul><li>Data losses can cause: </li></ul><ul><ul><li>a considerable administrative burden and waste valuable resources as staff have to prepare all their work again </li></ul></ul><ul><ul><li>Negative PR and reputational damage </li></ul></ul><ul><ul><li>Legal penalties including litigation for damage caused and criminal sanctions </li></ul></ul>
iStorPro - How it Works <ul><li>Quick and simple setup. </li></ul><ul><li>Fully managed service providing automatic daily backups to servers in dedicated high security data centre in Manchester. </li></ul><ul><ul><li>This frees up staff time and allows them to focus on more productive tasks. </li></ul></ul><ul><ul><li>It removes possibility of human error ensuring better data protection and security on a daily basis. </li></ul></ul><ul><ul><li>The data is also mirrored to other secure servers in another location to aid disaster recovery. </li></ul></ul><ul><li>Cost-Effective </li></ul><ul><ul><li>Schools do not have to invest continually in hardware, backup media, and additional HR and technical support staff time. </li></ul></ul>
iStorPro - How it Works <ul><li>Incremental backups ensure only new file changes are backed up </li></ul><ul><li>This speeds up the process, saving time and bandwidth. </li></ul><ul><li>Data transmitted over SSL connection, encrypted at all times and always held in the UK to ensure complete data protection </li></ul><ul><li>This ensures backup best practice and compliance with data protection rules. </li></ul><ul><li>Email reports detailing each backup and providing an audit trail of backups </li></ul>
iStorPro - How it Works <ul><li>Quick and efficient data restore facility </li></ul><ul><li>Schools can restore any of its data at any time. This ensures business continuity and that downtime is kept to an absolute minimum. </li></ul><ul><li>If school needs to restore a large volume of data, iStorPro will deliver the data on an encrypted hard drive to the school’s premises. </li></ul><ul><li>Schools benefit from a unique 30 days backup retention facility </li></ul><ul><li>This means that, if a file had been corrupted/deleted for the last 14 days then the user can delete the file and restore it as it was last backed up immediately prior to the corruption/deletion (i.e. from 15 days ago). </li></ul><ul><li>This retention period can also be extended as required. </li></ul>
iStorPro – How it Works <ul><li>Supports all major types of operating systems </li></ul><ul><li>including Microsoft, Linux, UNIX, Solaris, Novell, Apple Mac etc, databases (Microsoft, SAP, Oracle etc) and even Exchange and SQL servers. </li></ul><ul><li>iStorPro backs up all data held on a school’s curriculum and admin servers including CMIS data </li></ul><ul><li>iStor backs up data held on laptops. </li></ul><ul><li>Employees often save their work on their laptops, particularly when working at home. This data is backed up in the same manner ensuring complete peace of mind and minimising disruption to work if the data on the laptop is lost or corrupted. </li></ul>
Becta’s Technical Specifications for School Backup Systems <ul><li>In its document, “Technical Specification – Institutional Infrastructure”, Becta sets out the and technical standards and specifications which should be met by any school’s ICT infrastructure. </li></ul><ul><li>A key part of the school’s ICT infrastructure is its backup and disaster recovery system. A robust and secure backup system will ensure that school data is kept safe and is available at any time should a school suffer any data loss. </li></ul><ul><li>Becta sets out the requirements for backup systems in Section 3.3.2…. </li></ul>
Becta’s Technical Specifications for School Backup Systems N/A Institutions shall implement FITS OM or equivalent 3.3.2-a <ul><li>iStorPro’s intuitive interface allows users to: </li></ul><ul><li>select files for backup, </li></ul><ul><li>set a schedule to run the backup automatically on a daily basis at whatever time(s). </li></ul><ul><li>store data remotely in high security facilities, and </li></ul><ul><li>restore lost data securely over the internet giving same ease of access as onsite backup while giving additional security of offsite backup. </li></ul><ul><li>iStorPro solution gives schools complete peace of mind for their backup process with full 24/7 technical support from the iStorPro team. </li></ul>Institutions shall have a backup strategy that includes details of what is backed up, the frequency of backup, storage of backup media (on and off site), recovery procedures, and the person responsible for backing up data. 3.3.2-b iStorPro Design Criterion Technical Specification
Becta’s Technical Specifications for School Backup Systems See 3.3.2-d. Users should only save work to local devices when that device is regularly synchronised or backed up via removable media. 3.3.2-e iStorPro backs up data held on laptops as well as data held centrally. This process is fully automated requiring no user input. Accordingly, schools do not need to educate individual users or buy removable media thereby saving valuable resources and money. The person responsible for back up shall be appropriately trained. Institutions should educate individual users on how to backup their own personal data that is not backed up centrally by the system. 3.3.2-d iStorPro is professional fully managed backup service – schools do not require any additional internal HR or technical support. The person responsible for back up shall be appropriately trained. 3.3.2-c
Becta’s Technical Specifications for School Backup Systems Users can restore any data at any time. Tests should be performed at regular intervals to verify that data can be recovered from the system backup media. 3.3.2-g iStorPro can be set on a daily basis. It then runs automatically without any user input necessary. User can log on and change settings at any time. System backup operations should be performed on a daily basis and should be transparent to users. 3.3.2-f
Becta’s Technical Specifications for School Backup Systems iStorPro backs up all of the data specified. It supports all systems including Microsoft, Apple, Linux, Novell, Solaris, Oracle, SAP whether held on a server or a laptop. It backs up data on an incremental basis (ie only data changes which have occurred since last backup) to save time and bandwith. Users can restore data from any of the previous 30 backups (eg. If data has been recently deleted or corrupted). Users can conduct a full system restore if required. Institutions should perform daily backups of new or changed data complemented by a full weekly backup of: - all institution administrative data, - all users' personal data stored in the network user folders, - all data stored in shared areas, - all changeable educational data stored on the network, - the mail server, or as a minimum, individual mailboxes, - operating system/system state data, - all activity and audit log files. 3.3.2-h
Becta’s Technical Specifications for School Backup Systems Yes A copy of all backup documentation should be kept off site. 3.3.2-j iStorPro avoids the need to removable media thereby reducing associated risks and the cost of purchasing and upgrading expensive hardware. iStorPro encrypts the backed up data and holds it securely offsite in state-of-the-art high security data centres Media containing daily backups should be stored in fireproof safes wherever possible, and full backups should be removed off site to a secure location for safekeeping. 3.3.2-i
Legal Considerations <ul><li>The most important piece of legislation relating to data is the Data Protection Act 1998 . </li></ul><ul><li>The DPA requires organisations (including all schools) to process data in accordance with its strict standards. </li></ul><ul><li>The DPA is enforced by the Information Commissioner. </li></ul><ul><li>Breaching the DPA could result in criminal sanctions . </li></ul>
Legal Considerations <ul><li>In the DPA, Principle 7 is the most relevant part to data backup. </li></ul><ul><li>Principle 7 requires schools to implement appropriate technical and organisational measures: </li></ul><ul><ul><li>to prevent unauthorised or unlawful processing of personal data, and </li></ul></ul><ul><ul><li>to prevent the accidental loss or destruction of personal data. </li></ul></ul>
Legal Considerations <ul><li>When considering what measures would be appropriate, schools need to consider the nature of the data being held and the impact of any loss or misuse of that data. </li></ul><ul><li>As schools hold considerable amounts of data (often highly sensitive) relating to children and staff, they need to ensure that the measures it takes offer the best protection. </li></ul><ul><li>However, many schools have neglected their backup systems. They still use traditional backup media (tapes, hard drives, USBs, CD/DVDs etc.) which are ill-equipped to meet today’s threats against school data… </li></ul>
Legal Considerations: A Recent Case <ul><li>A council-run nursery in Leicestershire employed a temporary assistant. The assistant backed up data (including the names, ages and addresses of 80 children) onto a USB device which was then lost. </li></ul><ul><li>This was a breach of the DPA and the CEO of the Council had to sign an undertaking to protect data better in the future. </li></ul><ul><li>The Assistant Information Commissioner stated that if this undertaking was breached, the Council would face criminal sanctions. </li></ul><ul><li>A grandmother of one of the children considered suing the council for the incident. </li></ul>
Conventional Backup Systems are Inadequate <ul><li>High failure rates during restoration </li></ul><ul><li>Difficulty in detecting problems of backup before performing restoration </li></ul><ul><li>Backup media are not encrypted therefore data could be misused if tape is lost or stolen </li></ul><ul><li>Reduced flexibility – only one backup set therefore previous backups not retained </li></ul><ul><li>Increased likelihood of occurrence of negligence-induced problems (e.g. lost or misplaced data, deletion of files etc.) </li></ul>Traditional backup systems are likely to be in breach of Principle 7 of the DPA!
Summary <ul><li>Backup & Disaster Recover is a crucial part of any well designed school ICT system </li></ul><ul><li>Traditional backup systems are inadequate </li></ul><ul><li>Storing data on backup media is very risky and could attract legal penalties as well as PR/reputational damage </li></ul><ul><li>iStorPro has been designed to meet Becta’s technical requirements and ensures that school backups comply with all relevant laws and regulations </li></ul><ul><li>It is also a cost-effective solution saving staff time avoiding the need to spend continuously on expensive new backup hardware </li></ul>