Revision Table

| Release No. | Date | Revision Description |
|---|---|---|
| Rev. 0 | 07-MAC-2018 | New Release |
| Rev. 1 | 26-SEP-2022 | Amendment To Template Layout And Cover Page; Amendment To Approval By Name And Position; Revised, Restructure And Strengthen Existing Policy; New Annual Review Section |
| Rev. 2 | 25-SEP-2023 | Remove Revision & Date Revised From Page 1 to 5 On Header Section; Remove Next Review On Page 2; Move Approval From Page 4 To Page 5 |
| Rev. 3 | 21-NOV-2023 | Remove Remarks On Page 2; 3.0 Annual Review – Update Annual Review To Review |
| Rev. 4 | 19-DEC-2023 | Approval – Update New Layout And Move To Page 3; 2.0 Review By – Move To Page 3 |
| Rev. 5 | 28-NOV-2024 | Revised, Restructure And Strengthen Existing Policy |
| Rev. 6 | 07-JAN-2025 | Move Entire Policy To Cloud For Easy Access From Anywhere; Revised Header And Sub-Header Numbering |

1. INTRODUCTION

At Widetech Manufacturing Sdn Bhd, data security and business continuity are critical components of our operational framework. As part of our commitment to protecting sensitive information and ensuring the resilience of our Information Technology infrastructure, this Backup File Policy and Procedure document establishes a structured approach to safeguarding company data against loss, corruption, and unauthorised access.

This policy is designed to ensure that all critical business data is securely backed up, readily available for recovery, and protected from risks such as system failures, cyber-attacks, accidental deletions, and natural disasters. By implementing clear backup procedures, we strengthen the organisation’s ability to maintain seamless operations while complying with industry best practices and regulatory requirements, including the Customs-Trade Partnership Against Terrorism (CTPAT) standards.

The scope of this policy extends to all electronic data, systems, and storage solutions managed by Widetech Manufacturing Sdn Bhd, including servers, databases, workstations, cloud services, and external backup devices. It applies to employees, Information Technology personnel, and third-party vendors involved in the management and security of backup files.

To achieve these objectives, this document outlines key policy statements, procedures, and responsibilities for ensuring the integrity, security, and recoverability of backup files. It also defines best practices for backup scheduling, storage security, access control, encryption, disaster recovery testing, and compliance audits.

By adhering to this policy, Widetech Manufacturing Sdn Bhd ensures that data remains secure, recoverable, and accessible when needed, minimising the impact of unexpected disruptions and reinforcing our commitment to operational excellence and compliance with global security standards.

2. SCOPE

This policy applies to all electronic data and information systems that are managed, maintained, or owned by Widetech Manufacturing Sdn Bhd. The policy is comprehensive in its reach, ensuring that all digital and electronic assets critical to the company’s operations are adequately protected and accounted for.

The scope of this policy extends to all individuals and entities involved in the handling, management, or security of Widetech Manufacturing Sdn Bhd’s data. This includes employees, contractors, consultants, and third-party vendors who are authorised to access or interact with the company’s information systems. Regardless of the individual’s role or relationship with the organisation, adherence to this policy is mandatory to ensure a uniform standard of data protection.

Additionally, this policy covers all locations where company data is stored, transmitted, or processed, whether onsite, offsite, or within cloud-based environments. The scope also includes any backup or disaster recovery processes and systems used to replicate or store data to mitigate risks associated with data loss, unauthorised access, or operational disruption.

By defining this scope, Widetech Manufacturing Sdn Bhd ensures that all relevant parties and systems are aligned with the organisation’s commitment to data security, operational continuity, and compliance with CTPAT (Customs-Trade Partnership Against Terrorism) standards. This alignment is critical for maintaining the integrity and confidentiality of the company’s information assets in a secure and controlled manner.

3. POLICY STATEMENT

Widetech Manufacturing Sdn Bhd is committed to ensuring the effective and reliable backup of all critical data and systems. This commitment is essential to safeguard the organisation’s information assets from unauthorised access, data corruption, and permanent loss. Robust backup processes will be implemented to maintain the integrity, availability, and security of all critical data, thereby supporting the continuity of business operations and the organisation’s compliance with recognised standards, including CTPAT (Customs-Trade Partnership Against Terrorism).

To achieve this, Widetech Manufacturing Sdn Bhd will establish and enforce procedures that ensure data backups are conducted regularly and securely. Backups will be designed to protect against a variety of potential threats, such as hardware failures, cyber-attacks, accidental deletions, and environmental disasters. These procedures will include the use of secure storage solutions, both onsite and offsite, as well as robust encryption measures to prevent unauthorised access to sensitive information during both transit and storage.

Access to backup data will be restricted to authorised personnel only, and all activities related to the creation, maintenance, and restoration of backup files will be logged and monitored to maintain accountability. Furthermore, backup files will be routinely tested to confirm their reliability and usability in the event of a data restoration requirement.

By maintaining a rigorous backup policy, Widetech Manufacturing Sdn Bhd underscores its dedication to upholding the highest standards of data security and operational resilience. This policy ensures that the organisation is prepared to respond effectively to potential incidents, minimising the impact on operations and maintaining trust among stakeholders.

4. BACKUP FREQUENCY

To ensure the security and availability of critical data, Widetech Manufacturing Sdn Bhd will establish a structured and reliable backup schedule. This schedule will include both full and incremental backups, carefully designed to minimise the risk of data loss while maintaining operational efficiency.

4.1 Full Backups

Full backups of all critical data and systems will be conducted on a weekly basis. This process involves creating a complete copy of the organisation’s data, ensuring that every file, database, and system configuration is securely preserved. By performing full backups regularly, the company can maintain a comprehensive dataset that serves as a reliable foundation for restoring operations in the event of a major system failure or disaster.

4.2 Incremental Backups

Incremental backups will be performed daily to capture and preserve any changes made to the data since the most recent full backup. This approach ensures that the organisation remains up-to-date with minimal disruption to regular operations. Incremental backups are designed to efficiently save storage space and reduce processing time while maintaining an accurate record of all recent data modifications.

By combining weekly full backups with daily incremental backups, Widetech Manufacturing Sdn Bhd will achieve a balance between comprehensive data protection and operational efficiency. This dual-layer approach ensures that critical information is consistently backed up, enabling swift and reliable restoration when needed, and supports the organisation’s commitment to adhering to best practices and industry standards for data security.

5. STORAGE ALLOCATION

To ensure the security, redundancy, and accessibility of critical data, Widetech Manufacturing Sdn Bhd will employ a multi-location storage strategy for all backups. This approach is designed to safeguard data against potential threats, including physical damage, theft, and cyber-attacks, while ensuring compliance with data protection and security standards.

5.1 Onsite Storage

A secure onsite storage solution will be maintained within Widetech Manufacturing Sdn Bhd’s facilities. This location will serve as the primary repository for backup data, allowing for quick access and restoration in the event of a minor system failure. Onsite backups will be stored in a dedicated, locked, and climate-controlled environment to prevent physical damage and unauthorised access.

5.2 Offsite Storage

To protect against the risk of onsite disasters, such as fire, flooding, or other emergencies, a secondary set of backup data will be stored offsite. This offsite repository may include secure, geographically dispersed facilities or a trusted cloud-based storage platform. Offsite storage ensures that critical data remains safe and accessible even in the event of catastrophic onsite incidents.

5.3 Cloud-Based Repository

Where applicable, backups will also be stored in a reputable, encrypted cloud-based storage solution. Cloud storage will provide additional resilience by leveraging remote access, high availability, and advanced security features. Multi-factor authentication and encryption will be applied to safeguard data during both transit and storage.

5.4 Compliance with Security Standards

All offsite and cloud-based backup storage locations will adhere to recognised data protection and security standards. These standards include compliance with regulations governing the confidentiality, integrity, and availability of data. Measures will be in place to prevent unauthorised access, such as data encryption, secure authentication protocols, and access control systems.

By securely storing backups in multiple locations, Widetech Manufacturing Sdn Bhd ensures a robust and resilient data protection framework, reducing risks and supporting the organisation’s ability to recover from incidents swiftly and effectively. This strategy reflects the company’s commitment to safeguarding its information assets in accordance with industry best practices and regulatory requirements.

6. RETENTION PERIOD

Widetech Manufacturing Sdn Bhd is committed to maintaining a systematic and compliant approach to the retention of backup files. The retention period for backups is designed to balance regulatory compliance, operational requirements, and efficient use of storage resources. This ensures that data is available for restoration when needed while adhering to industry best practices and legal obligations.

6.1 Minimum Retention Period

Backup files will be retained for a minimum of 1 year. This retention period provides a sufficient window to identify and recover from potential data loss incidents, such as accidental deletion, cyber-attacks, or system failures. A 90-day period ensures that data remains accessible for short-term recovery needs while maintaining operational continuity.

6.2 Regulatory Compliance

Where required by regulatory standards, contracts, or industry guidelines, backup files may be retained for a longer duration. Widetech Manufacturing Sdn Bhd will adhere to all applicable laws and regulations governing data retention to ensure compliance with legal obligations and industry-specific requirements.

6.3 Operational Needs

The retention period for backups will also be aligned with the operational needs of Widetech Manufacturing Sdn Bhd. This includes ensuring that historical data required for audits, business continuity planning, or troubleshooting purposes is retained for as long as necessary. Adjustments to the retention period will be made based on business objectives and the evolving requirements of stakeholders.

6.4 Secure Disposal

At the end of the retention period, backup files will be securely deleted or destroyed to prevent unauthorised access or data breaches. Secure disposal methods will comply with recognised standards, including the use of data-wiping tools or physical destruction for hardware-based storage. Documentation of the disposal process will be maintained for audit purposes.

6.5 Regular Review

Retention policies will be reviewed annually to ensure they remain aligned with Widetech Manufacturing Sdn Bhd’s operational and compliance needs. Any updates to regulatory requirements or organisational priorities will be incorporated into the retention strategy to maintain relevance and effectiveness.

By defining and adhering to a clear retention period for backup files, Widetech Manufacturing Sdn Bhd ensures that its data management practices are both effective and compliant, supporting the organisation’s ability to recover from incidents while safeguarding sensitive information.

7. DATA ENCRYPTION

Widetech Manufacturing Sdn Bhd is dedicated to safeguarding the confidentiality, integrity, and security of its backup files through the implementation of robust data encryption protocols. Encryption is a critical component of the company’s data protection strategy, ensuring that sensitive information remains secure at all times, whether in transit or at rest.

7.1 Encryption During Transit

To protect backup files from unauthorised interception while being transferred between systems or storage locations, all data will be encrypted during transit. This includes transmissions to onsite storage devices, offsite repositories, or cloud-based platforms. Industry-standard encryption protocols, such as Transport Layer Security (TLS), will be utilised to secure the data transfer process and prevent unauthorised access or tampering.

7.2 Compliance with Standards

All encryption measures will adhere to recognised international standards and regulatory requirements, ensuring compliance with industry guidelines for data protection. This includes encryption practices outlined by CTPAT (Customs-Trade Partnership Against Terrorism), as well as other applicable laws and frameworks.

7.3 Periodic Testing

Encryption protocols will be reviewed and tested periodically to verify their effectiveness and alignment with current threats and technological advancements. Any identified vulnerabilities will be promptly addressed, and updates to encryption methods will be implemented as necessary to maintain the highest levels of security.

7.4 Education and Awareness

Employees and contractors with responsibilities related to backup management will receive training on the importance of encryption and best practices for securing data. This ensures that all stakeholders understand their role in protecting sensitive information.

By encrypting all backup files during transit and at rest, Widetech Manufacturing Sdn Bhd ensures the confidentiality and security of its critical data. This proactive approach reinforces the company’s commitment to preventing unauthorised access, maintaining trust, and upholding its obligations under relevant security and compliance standards.

8. ACCESS CONTROL

Widetech Manufacturing Sdn Bhd is committed to ensuring that access to backup files is strictly controlled to prevent unauthorised access, data breaches, and the misuse of sensitive information. By implementing robust access control measures, the company upholds the confidentiality, integrity, and availability of its backup files, in alignment with best practices and regulatory requirements.

8.1 Authorised Personnel Only

Access to backup files will be restricted exclusively to authorised personnel whose roles and responsibilities require such access. These individuals may include Information Technology staff, system administrators, and other employees involved in data backup and recovery processes. Access permissions will be granted based on the principle of least privilege, ensuring that users are given the minimum level of access required to perform their duties.

8.2 Role-Based Permission

Role-based access control (RBAC) will be enforced to assign and manage permissions according to job functions. Each role will have predefined access rights that dictate the level of interaction a user can have with backup files. For example:

  • Backup Administrators will have full access to manage and configure backup processes.
  • Information Technology Support Staff may have limited access for troubleshooting or monitoring purposes.
  • Management Personnel may have read-only access to review logs or reports as needed.

This structured approach minimises the risk of unauthorised or accidental modifications to backup files.

8.3 Secure Authentication (Optional)

Where feasible, all authorised personnel will be required to authenticate their identity using secure methods before accessing backup files. Multi-factor authentication (MFA) will be implemented to enhance security, combining two or more verification factors such as passwords, security tokens, or biometric data. Secure authentication protocols will ensure that only verified individuals gain access to backup systems.

8.4 Audit Trails and Monitoring

Every access attempt, whether successful or unsuccessful, will be logged in a centralised system for auditing and monitoring purposes. These logs will include details such as the identity of the user, the date and time of access, and the actions performed. Regular reviews of these logs will help identify and address any unauthorised access attempts or suspicious activities.

8.5 Periodic Access Reviews

Access permissions will be reviewed on a quarterly basis to ensure they remain aligned with current roles and responsibilities. Any changes in job functions, employment status, or project requirements will result in immediate updates to access rights. This ensures that access to backup files is continuously aligned with operational needs.

8.6 Physical Security

In addition to digital access controls, physical access to backup storage locations (such as server rooms or offsite facilities) will be restricted to authorised personnel only. Physical security measures, such as keycard access, biometric scanners, and CCTV monitoring, will be employed to prevent unauthorised entry.

8.7 Education and Training

Authorised personnel will receive training on the importance of access control and best practices for safeguarding backup files. This ensures that employees understand their responsibilities and the critical role access control plays in data protection.

By limiting access to backup files to authorised personnel only, and enforcing role-based permissions through secure authentication, Widetech Manufacturing Sdn Bhd ensures the highest level of protection for its critical data. These measures reflect the company’s commitment to maintaining robust security controls and adhering to industry standards and compliance requirements.

9. DISASTER RECOVERY TESTING

To ensure the reliability of backup systems and the organisation’s ability to recover swiftly in the event of an incident, Widetech Manufacturing Sdn Bhd will conduct regular disaster recovery testing. This process verifies the integrity of backup files and validates the effectiveness of disaster recovery procedures, reinforcing the company’s commitment to operational continuity and data protection.

9.1 Regular Integrity Testing

Backup files will be tested regularly to confirm their integrity and usability. These tests will ensure that backup data is free from corruption or errors and can be successfully restored when required. Verification processes will include:

  • Checksum Validation: Ensuring the accuracy of backup files by comparing data against predefined validation checks.
  • Sample Restorations: Periodic restoration of a sample set of files to verify completeness and functionality.
  • Error Analysis: Identifying and resolving any issues detected during the backup or testing process.

Regular integrity testing helps maintain confidence in the reliability of backup systems and ensures they are ready for use in critical situations.

9.2 Semi-Annual Disaster Recovery Validation

Disaster recovery procedures will be validated through formal testing conducted on a semi-annual basis. These tests will simulate various potential incidents, such as system failures, cyber-attacks, or natural disasters, to evaluate the organisation’s preparedness and response. Key components of the testing process include:

  • Full-System Recovery: Simulating a complete system restoration using backup files to ensure all critical functions can be reinstated within acceptable timeframes.
  • Testing Recovery Points: Confirming that backups are current and align with recovery point objectives (RPOs) to minimise data loss.
  • Evaluation of Recovery Times: Measuring recovery time objectives (RTOs) to ensure systems can be restored quickly and meet operational needs.

9.3 Documentation and Reporting

Results from disaster recovery testing will be documented in detailed reports, highlighting successes, identified weaknesses, and recommended improvements. These reports will be reviewed by senior management and Information Technology leadership to drive continuous improvement in disaster recovery planning and execution.

9.4 Training and Awareness

Disaster recovery testing will also serve as a training opportunity for Information Technology personnel and key stakeholders. Participants will gain practical experience in executing recovery procedures, ensuring familiarity with roles, responsibilities, and the tools required to respond effectively in real-world scenarios.

9.5 Continuous Improvement

Findings from disaster recovery testing will be used to refine and enhance backup processes, disaster recovery plans, and overall Information Technology resilience. Any gaps identified during testing will be addressed promptly to ensure the organisation remains fully prepared for potential disruptions.

By regularly testing the integrity of backup files and validating disaster recovery procedures semi-annually, Widetech Manufacturing Sdn Bhd demonstrates its commitment to proactive risk management and operational resilience. These measures help safeguard the company against unforeseen events and ensure the uninterrupted continuity of business operations.

10. AUDIT TRAIL

Widetech Manufacturing Sdn Bhd is committed to maintaining a detailed and transparent record of all backup-related activities. The establishment of a comprehensive audit trail is critical for ensuring compliance with regulatory standards, supporting security measures, and enabling accountability across all data management processes.

10.1 Logging of Backup Activities

All activities related to the creation, modification, and restoration of backup files will be meticulously recorded in a secure and centralised logging system. These logs will include, but are not limited to:

  • Backup Creation: Date, time, and success status of all backup operations, including the specific data sets involved.
  • Modifications: Any changes made to backup configurations or files, along with the identity of the authorised individual performing the changes.
  • Restoration Events: Details of all data restoration activities, including the source and destination of restored files, the purpose of the restoration, and the individual responsible for initiating it.

10.2 Monitoring for Security and Compliance

The audit trail will be actively monitored to detect any anomalies or unauthorised activities. Automated tools may be utilised to flag suspicious patterns, such as repeated failed attempts to access backup files or unusual modification requests. Regular reviews of the audit trail will ensure that backup processes comply with Widetech Manufacturing Sdn Bhd’s policies, industry standards, and legal obligations.

10.3 Access Control for Logs

Access to audit trail logs will be restricted to authorised personnel only, with role-based permissions ensuring that only individuals with a legitimate need can view or modify these records. Secure authentication protocols will further protect the integrity of the audit trail system.

10.4 Retention of Logs

Audit trail logs will be retained for a minimum of 12 months, or longer if required by legal, regulatory, or operational needs. Retaining these records ensures the company can demonstrate compliance during audits, investigations, or reviews.

10.5 Regular Auditing

Periodic internal and external audits will be conducted to verify the completeness, accuracy, and reliability of the audit trail. These audits will help identify any gaps in the logging process and provide recommendations for improvement.

10.6 Incident Investigation

In the event of a security breach, data loss, or operational disruption, the audit trail will serve as a crucial resource for incident investigation. By providing a detailed history of backup activities, the company can identify the root cause of the issue and implement corrective actions to prevent recurrence.

10.7 Continuous Improvement

Findings from the monitoring and auditing of the backup process will be used to enhance the organisation’s data management practices. The audit trail will be regularly reviewed and updated to ensure it aligns with evolving security challenges, regulatory requirements, and technological advancements.

By logging and monitoring all backup activities, Widetech Manufacturing Sdn Bhd ensures a high level of accountability, compliance, and security in its data management processes. This commitment to maintaining an accurate and secure audit trail underscores the organisation’s dedication to operational excellence and transparency.

11. BACKUP SCHEDULE AND PROCESS

Widetech Manufacturing Sdn Bhd recognises the importance of a well-structured backup schedule to ensure the protection and availability of critical systems and data. This procedure outlines the detailed steps for configuring, executing, and managing backups in a consistent and efficient manner.

11.1 Configuration of Automated Backup Schedules

  • Information Technology personnel will configure automated backup schedules for all critical systems. Automation eliminates the risk of human error, ensures consistency, and minimises the need for manual intervention.
  • Backup schedules will be programmed using reliable backup software that supports error reporting, monitoring, and logging to provide a comprehensive record of all backup activities.
  • The scheduling will take into account system performance, operational hours, and storage capacity to optimise efficiency without disrupting business activities.

11.2 Daily Incremental Backups

  • Incremental backups will be performed automatically at intervals between 8:00 AM and 8:00 PM daily. These backups will capture any changes made to data since the last backup, ensuring that critical information remains up to date throughout the day.
  • The incremental backup process is designed to minimise storage usage and processing time by only saving data that has been modified or created since the previous backup.
  • Information Technology personnel will monitor the completion of each incremental backup to ensure the data is accurately captured and stored securely.

11.3 Annual Full Backup

  • A comprehensive full backup will be conducted once a year. This backup involves creating a complete copy of all critical data and systems, providing a reliable recovery point in the event of a major incident or disaster.
  • The full backup will be scheduled during a low-usage period, such as non-working hours, to minimise any impact on operational activities and system performance.
  • Special attention will be given to verifying the integrity of the full backup to ensure that it can serve as a dependable foundation for restoration if needed.

11.4 Backup Process Management

  • All backups will be encrypted during transit and at rest to prevent unauthorised access and ensure data confidentiality.
  • Backup files will be securely stored in both onsite and offsite locations, providing redundancy and protection against physical or environmental risks.
  • Information Technology personnel will perform periodic checks to verify the reliability and completeness of the backup data, using testing tools to identify and address any errors.

11.5 Monitoring and Reporting

  • Logs of all backup activities will be automatically generated and monitored by Information Technology personnel. These logs will include details such as the start and end times of each backup, the data sets included, and the success or failure status.
  • Any backup failures or anomalies will be immediately reported and resolved to prevent data loss.

11.6 Documentation and Review

  • The backup schedule and associated procedures will be fully documented and reviewed annually to ensure they remain aligned with the organisation’s operational requirements, technological advancements, and compliance obligations.
  • Adjustments to the schedule may be made based on changes in business needs, data growth, or evolving best practices.

By implementing this structured backup schedule and process, Widetech Manufacturing Sdn Bhd ensures that critical data is consistently protected, securely stored, and readily available for recovery when needed. This approach reflects the organisation’s commitment to operational resilience, data security, and adherence to industry standards.

12. VERIFICATION AND MONITORING

To ensure the reliability and effectiveness of backup processes, Widetech Manufacturing Sdn Bhd will implement thorough verification and monitoring procedures. These measures are designed to identify and resolve any issues promptly, ensuring the integrity and availability of critical data at all times.

12.1 Daily Backup Log Review

  • Information Technology staff will conduct a detailed review of daily backup logs to confirm the successful completion of all scheduled backup activities.
  • The logs will provide essential information, including:
    • Start and end times of each backup.
    • Data sets that were backed up.
    • Status indicators, such as success, partial completion, or failure.
    • Any warnings, errors, or anomalies encountered during the process.
  • The review process will ensure that backups are functioning as intended and that all critical systems and data have been securely stored.

12.2 Identification and Resolution of Errors

  • If any errors or failures are detected during the review of backup logs, Information Technology staff will escalate the issue to the appropriate personnel for immediate investigation.
  • Errors may include failed backups, incomplete backups, or discrepancies in the data sets backed up versus those scheduled.
  • The root cause of the issue will be identified and resolved within 24 hours to minimise the risk of data loss or disruption to business operations.

12.3 Escalation Process

  • For critical errors that cannot be resolved within the initial review, a formal escalation procedure will be followed. This includes notifying senior Information Technology personnel or system administrators and, if necessary, engaging external technical support.
  • Documentation of the issue, including its cause and the actions taken to resolve it, will be maintained for future reference and process improvement.

12.4 Automated Alerts and Notifications

  • Backup systems will be configured to send automated alerts and notifications for any failures or anomalies detected during backup operations. This enables Information Technology staff to respond proactively without relying solely on manual log reviews.
  • Notifications will include details of the error, affected systems, and recommended actions, ensuring a swift and efficient resolution process.

12.5 Integrity Testing

  • As part of the verification process, Information Technology staff will periodically perform integrity tests on backup files to confirm their usability and accuracy.
  • Sample data will be restored from backup files to ensure they function correctly and meet the organisation’s recovery objectives.

12.6 Compliance and Reporting

  • All verification and monitoring activities will be documented and reviewed periodically to ensure compliance with Widetech Manufacturing Sdn Bhd’s policies and applicable standards.
  • Monthly reports summarising backup performance, issues encountered, and resolutions achieved will be provided to senior management to support oversight and continuous improvement.

12.7 Continuous Improvement

  • Findings from the verification and monitoring process will be used to refine backup procedures, enhance system configurations, and improve the overall resilience of the organisation’s data management practices.

By enforcing rigorous verification and monitoring protocols, Widetech Manufacturing Sdn Bhd ensures that its backup processes are consistently reliable and capable of supporting the organisation’s operational continuity and data security objectives. This proactive approach minimises risks and reinforces the company’s commitment to excellence in data management.

13. STORAGE AND SECURITY

Widetech Manufacturing Sdn Bhd places the highest priority on the secure storage of backup files to protect against data loss, unauthorised access, and physical or environmental threats. This policy ensures that backup data is stored securely both onsite and offsite, in compliance with industry best practices and regulatory requirements.

13.1 Onsite Backup Storage

  • Onsite backup drives will be securely stored within the Information Technology server room, which is designated as a restricted-access area. Entry will be controlled through access control measures, such as keycard authentication or biometric verification, ensuring only authorised personnel can gain entry.
  • External backup drives will be taken back by the Finance Manager to protect against physical damage caused by fire, water, or other environmental factors.
  • The Information Technology server room will be equipped with additional security features, including:
    • CCTV surveillance to monitor activity within and around the room.
    • Environmental controls, such as temperature and humidity regulation, to ensure optimal conditions for electronic storage.
    • Fire suppression systems designed specifically for sensitive Information Technology environments.

13.2 Offsite Backup Storage

  • To provide redundancy and ensure business continuity in the event of an onsite disaster, offsite backups will be created and securely stored in a remote location.
  • Offsite backups will primarily be uploaded to a secure, encrypted cloud storage solution provided by a trusted vendor. The cloud platform will offer advanced security features, including:
    • Data encryption during transit and at rest, using industry-standard protocols such as AES-256 encryption.
    • Multi-factor authentication (MFA) for all users accessing the cloud storage platform, ensuring that even if login credentials are compromised, unauthorised access is prevented.
    • Geographically redundant storage, where data is replicated across multiple secure data centres to further mitigate risks of loss due to regional disasters.
  • Access to cloud backups will be restricted to authorised personnel, with permissions managed through role-based access controls and monitored for compliance.

13.3 Regular Security Assessments

  • The storage locations, both onsite and offsite, will undergo regular security assessments to ensure they continue to meet Widetech Manufacturing Sdn Bhd’s security standards.
  • Any vulnerabilities or risks identified during these assessments will be promptly addressed through updates to physical security measures, access controls, or vendor contracts.

13.4 Data Integrity Checks

  • Backup files stored onsite and offsite will be regularly tested for integrity to ensure they remain intact and usable in the event of restoration.
  • Corrupted or incomplete files will be flagged for immediate replacement, and measures will be taken to prevent future occurrences.

13.5 Compliance and Regulations

  • The storage and security practices for backup files will comply with all applicable legal, regulatory, and contractual requirements, including those specified under CTPAT (Customs-Trade Partnership Against Terrorism) standards.
  • Documentation of security measures and compliance will be maintained for audit purposes and shared with relevant stakeholders as needed.

13.6 Physical and Cybersecurity Training

  • Information Technology personnel responsible for managing backup storage will receive training on physical security protocols and cybersecurity best practices. This ensures that those handling backup files are equipped to maintain high standards of security and prevent potential breaches.

By implementing these comprehensive storage and security measures, Widetech Manufacturing Sdn Bhd ensures that its backup files are well-protected against physical and cyber threats. This dual-layered approach supports the organisation’s commitment to safeguarding its critical data and maintaining operational resilience.

14. DATA RESTORATION

Widetech Manufacturing Sdn Bhd is committed to maintaining a controlled and secure process for restoring backup data. This procedure ensures that data restoration is performed only when necessary, by authorised personnel, and in a manner that safeguards data integrity and confidentiality. The following outlines the key steps and requirements for data restoration.

14.1 Submitting Restoration Requests

  • All restoration requests must be submitted through the company’s internal Information Technology ticketing system. This centralised system ensures that each request is documented, tracked, and handled efficiently.
  • The ticketing system will require the requester to provide detailed information, including:
    • The specific data or system requiring restoration.
    • The reason for the restoration request.
    • The desired restoration point (e.g., date or version of the backup).
  • Each ticket will be assigned a unique reference number to facilitate tracking and auditing.

14.2 Approval Process

  • Only authorised personnel with managerial approval are permitted to initiate the restoration process. This approval step is designed to prevent unauthorised access to backup data and ensure that restoration activities align with business needs.
  • Managerial approval must be documented within the Information Technology ticketing system, along with any relevant notes or instructions.
  • Sensitive restoration requests, such as those involving financial records, personal data, or intellectual property, may require additional levels of approval from senior management or compliance officers.

14.3 Restoration Process

  • Once a request has been approved, Information Technology personnel will retrieve the required backup file from the appropriate storage location (onsite or offsite) and initiate the restoration process.
  • The restoration process will include:
    • Verifying the integrity of the backup file before proceeding.
    • Ensuring the restoration does not overwrite existing data unless explicitly authorised.
    • Performing the restoration within a secure and controlled environment to protect the data from potential breaches or errors.

14.4 Notification and Verification

  • Upon completion of the restoration, Information Technology personnel will notify the requester and any relevant stakeholders. A summary of the restoration, including the restored data and any issues encountered, will be documented in the Information Technology ticket.
  • The requester will be required to verify the success of the restoration and confirm that the restored data meets their requirements. Any discrepancies or issues must be reported immediately for resolution.

14.5 Access Control

Strict access controls will be maintained throughout the restoration process to ensure that only authorised personnel can interact with backup files or restored data. Multi-factor authentication and role-based permissions will be enforced at all stages.

14.6 Audit and Documentation

  • Every restoration request and its resolution will be logged in the Information Technology ticketing system, creating a detailed audit trail. These records will include:
    • The identity of the requester and approver(s).
    • The data or systems restored.
    • The timeline and steps taken during the restoration.
    • Any errors or corrective actions implemented.
  • Audit logs will be reviewed periodically to ensure compliance with Widetech Manufacturing Sdn Bhd’s policies and regulatory standards.

14.7 Training and Awareness

  • Information Technology personnel involved in the restoration process will receive regular training to ensure they understand best practices, tools, and security protocols. This training will reinforce the importance of maintaining data integrity and protecting sensitive information during restoration activities.

By implementing this structured and secure data restoration procedure, Widetech Manufacturing Sdn Bhd ensures that backup data is accessed and restored responsibly, minimising risks and maintaining the highest standards of data security and operational integrity.

15. DISASTER RECOVERY TESTING

Widetech Manufacturing Sdn Bhd is committed to ensuring that its backup and recovery processes are effective and reliable in the event of a system failure or disaster. To achieve this, the organisation will conduct regular disaster recovery drills to test and validate the recoverability of backup files, ensuring business continuity and compliance with industry standards.

15.1 Scheduled Disaster Recovery Drills

  • Disaster recovery drills will be conducted every six months to simulate real-world scenarios involving system failures, cyber-attacks, or natural disasters.
  • The drills will follow a predefined schedule to allow Information Technology staff and relevant stakeholders to prepare and participate effectively. However, some drills may be conducted as surprise exercises to test real-time response capabilities.
  • The scope of each drill will include critical systems, applications, and data identified as essential to the organisation’s operations.

15.2 Objectives of Disaster Recovery Testing

  • Verify Backup Integrity: Ensure that backup files are intact, uncorrupted, and capable of being restored successfully.
  • Evaluate Recovery Time Objectives (RTO): Test whether critical systems and data can be restored within the defined timeframes to minimise downtime.
  • Assess Recovery Point Objectives (RPO): Confirm that data restored from backups is current enough to meet operational requirements, minimising data loss.
  • Identify Weaknesses: Detect any gaps, vulnerabilities, or inefficiencies in the disaster recovery plan and take corrective action to improve the process.

15.3 Steps in the Disaster Recovery Drill

15.3.1 Preparation

  1. Define the objectives and scope of the drill, including the systems and data to be tested.
  2. Notify relevant personnel and departments to ensure they understand their roles and responsibilities during the drill.
  3. Secure a controlled environment for the testing to avoid unintentional disruptions to live operations.

15.3.2 Execution

  1. Simulate a realistic disaster scenario, such as a server failure, ransomware attack, or data centre outage.
  2. Initiate the restoration process using backup files stored onsite, offsite, or in the cloud.
  3. Monitor the performance of systems and personnel throughout the drill to evaluate adherence to the disaster recovery plan.

15.3.3 Validation

  1. Verify that all systems and data have been successfully restored and are functioning as expected.
  2. Ensure that recovery times and data accuracy align with the organisation’s recovery objectives.

15.3.4 Documentation

  • Record all activities, including the time taken for each step, any challenges encountered, and the outcomes of the drill.
  • Collect feedback from participants to gain insights into the effectiveness of the plan and its execution.

15.4 Post-Drill Evaluation

  • Following the disaster recovery drill, a comprehensive evaluation will be conducted to review the results and identify areas for improvement.
  • A detailed report will be prepared, highlighting:
    • The success rate of the recovery efforts.
    • Any issues or delays encountered.
    • Recommendations for improving the disaster recovery plan and processes.

The report will be shared with senior management and relevant teams to ensure accountability and drive continuous improvement.

15.5 Training and Awareness

  • Disaster recovery drills will serve as training opportunities for Information Technology staff and other stakeholders, ensuring they are familiar with their roles and responsibilities in an actual disaster scenario.
  • Training sessions will focus on enhancing technical skills, decision-making, and teamwork to improve overall response effectiveness.

15.6 Continuous Improvement

  • Insights gained from each drill will be used to update and refine Widetech Manufacturing Sdn Bhd’s disaster recovery plan.
  • Regular testing and updates ensure that the organisation remains prepared to respond effectively to emerging threats and challenges.

By conducting disaster recovery drills every six months, Widetech Manufacturing Sdn Bhd ensures its readiness to handle system failures and protect critical data. These proactive measures strengthen the organisation’s resilience, minimise operational disruptions, and uphold its commitment to data security and business continuity.

16. POLICY COMPLIANCE AUDITS

Widetech Manufacturing Sdn Bhd is committed to maintaining the highest standards of data protection and operational resilience. To ensure consistent adherence to this policy and the continuous improvement of backup and disaster recovery processes, the organisation will conduct regular compliance audits. These audits serve as a critical tool for verifying policy implementation, identifying potential gaps, and fostering a culture of accountability.

16.1 Annual Audit Schedule

  • Comprehensive audits of backup and disaster recovery processes will be conducted annually. These audits will review the organisation’s adherence to the policies outlined in this document and evaluate their effectiveness.
  • The audit schedule will be planned and communicated in advance, allowing all relevant personnel to prepare necessary documentation and resources.
  • In addition to the annual review, ad hoc audits may be initiated in response to significant changes in operations, systems, or regulatory requirements.

16.2 Audit Objectives

The primary objectives of the compliance audits are to:

16.2.1 Verify Adherence to Policy

Confirm that all aspects of the backup and disaster recovery policy are being followed, including storage protocols, access controls, and testing schedules.

16.2.2 Evaluate Effectiveness

Assess the efficiency and reliability of current processes in safeguarding data and ensuring recoverability.

16.2.3 Identify Gaps and Risks

Detect areas of non-compliance, vulnerabilities, or inefficiencies that may compromise the organisation’s data security or operational continuity.

16.2.4 Ensure Regulatory Compliance

Verify alignment with relevant legal, industry, and contractual obligations, including CTPAT (Customs-Trade Partnership Against Terrorism) standards.

16.2.5 Drive Continuous Improvement

Provide actionable insights and recommendations to enhance the organisation’s policies, procedures, and overall security posture.

16.3 Audit Process

16.3.1 Preparation

  1. Audit teams will review the policy documentation, previous audit reports, and current operational procedures.
  2. A checklist of compliance criteria will be developed to guide the audit process and ensure thorough coverage.

16.3.2 Data Collection

  1. Auditors will collect evidence through interviews, observations, and reviews of system logs, backup schedules, and disaster recovery test results.
  2. Documentation, including Information Technology ticketing records, access logs, and monitoring reports, will be examined to verify compliance.

16.3.3 Evaluation

  1. Each component of the policy will be assessed against established criteria to determine adherence and effectiveness.
  2. Special attention will be given to high-risk areas, such as data encryption, access controls, and the integrity of stored backups.

16.3.4 Reporting

  1. A detailed audit report will be prepared, highlighting compliance levels, areas for improvement, and any instances of non-compliance.
  2. Recommendations for corrective actions and enhancements will be included to address identified gaps.

16.3.5 Follow Up

  1. Management will review the audit findings and prioritise the implementation of recommended changes.
  2. Progress on corrective actions will be tracked, and follow-up audits may be conducted to ensure issues are resolved.

16.4 Accountability and Training

  • Audit results will be shared with key stakeholders, including senior management, to ensure transparency and accountability.
  • Personnel responsible for implementing the policy will receive feedback and, if necessary, additional training to address gaps or improve compliance.

16.5 Continuous Improvement

  • Insights from compliance audits will be used to refine and update the organisation’s backup and disaster recovery policies.
  • Regular audits ensure that Widetech Manufacturing Sdn Bhd stays ahead of emerging risks, adopts best practices, and maintains a resilient and secure Information Technology infrastructure.

By conducting annual compliance audits, Widetech Manufacturing Sdn Bhd reinforces its commitment to upholding the integrity and effectiveness of its backup and disaster recovery processes. These audits not only ensure adherence to policy but also promote a proactive approach to enhancing data security and operational resilience.

17. RESPONSIBILITIES

To ensure the successful implementation and ongoing effectiveness of Widetech Manufacturing Sdn Bhd’s backup and disaster recovery policies, clear responsibilities are assigned to the Information Technology Department. These responsibilities encompass the planning, execution, monitoring, and improvement of all backup-related processes, ensuring that data security and operational continuity are maintained at the highest standard.

17.1 Information Technology Department Responsibilities

The Information Technology Department plays a central role in safeguarding the organisation’s critical data. Their responsibilities are as follows:

17.1.1 Implementing and Maintaining Backup Schedules

  • Development of Backup Schedules:
    Information Technology personnel will design and configure automated backup schedules for all critical systems in alignment with organisational requirements and industry best practices. This includes planning for daily incremental backups, annual full backups, and ensuring that backup activities are completed without impacting regular business operations.
  • Configuration of Backup Systems:
    The Information Technology Department will ensure that backup systems are configured correctly, including the setup of secure storage locations, both onsite and offsite, and the application of robust encryption protocols.
  • Documentation and Updates:
    All backup schedules, configurations, and related procedures will be documented and reviewed regularly. Updates will be made to reflect changes in technology, operational needs, or compliance requirements.

17.1.2 Ensuring Security Measures

  • Data Encryption:
    Information Technology staff will apply encryption to all backup files, both during transit and at rest, to prevent unauthorised access and ensure data confidentiality.
  • Access Controls:
    The Information Technology Department will implement role-based access controls, ensuring that only authorised personnel can access or manage backup files. Multi-factor authentication will be enforced for all backup-related systems.
  • Compliance with Standards:
    Security measures will be maintained in compliance with Widetech Manufacturing Sdn Bhd’s internal policies, CTPAT standards, and applicable legal or regulatory requirements.

17.1.3 Monitoring Backup Operations

  • Real-Time Monitoring:
    Information Technology personnel will use monitoring tools and dashboards to track the status of all backup operations, ensuring that they are executed as scheduled and without errors.
  • Log Reviews:
    Daily reviews of backup logs will be conducted to verify successful completion and identify any anomalies or failures. These logs will include details such as backup status, time taken, and any system warnings or errors.
  • Error Resolution:
    Any issues or failures detected during backup operations will be addressed immediately. The Information Technology Department will investigate the root cause, resolve the issue within 24 hours, and ensure data integrity is not compromised.

17.1.4 Disaster Recovery Testing

  • Planning and Execution:
    Information Technology personnel will plan and execute disaster recovery drills every six months. These simulations will test the integrity of backup files and the effectiveness of recovery procedures.
  • Documentation and Feedback:
    Results from disaster recovery tests will be documented, and feedback will be used to improve recovery plans and ensure preparedness for actual incidents.

17.1.5 Continuous Improvement

  • Performance Analysis:
    The Information Technology Department will analyse the performance of backup systems and identify opportunities for optimisation, such as improving efficiency or reducing recovery times.
  • Integration of New Technologies:
    The Information Technology team will stay informed about emerging technologies and implement improvements to ensure the organisation’s backup processes remain secure, efficient, and compliant with evolving standards.

17.1.6 Accountability

  • The Information Technology Department will report backup activities and any issues to senior management on a regular basis. This ensures transparency and provides management with the necessary insights to support decision-making related to data security and business continuity.

By fulfilling these responsibilities, the Information Technology Department ensures that Widetech Manufacturing Sdn Bhd’s backup processes are robust, secure, and capable of supporting the organisation’s operational needs. Their proactive approach to monitoring, maintaining, and improving backup systems underscores the company’s commitment to excellence in data protection and disaster recovery.

18. VISUAL AND PROCEDURAL DOCUMENTATION

18.1 Backup Console

Backup daily from 8 AM – 8 PM

18.2 Backup Email Report

Backup email report (partially blurred out for internet privacy purposes).