Umm Al-Qura University

Umm Al-Qura University

Backup, Recovery and Retention Policy

- 2019/04/09

Backup, Recovery and Retention Policy

All university electronic data and information must be regularly stored on secure media for disaster recovery purposes, ensuring thereby work continuity. This policy outlines the minimum requirements for establishing and maintaining backups. As for special backup requirements that exceed the minimum requirements for storage, they should be contained in accordance with the terms of this policy.


This policy applies to all members of the university community.


The objective of this policy is to clarify the rules for making a backup copy of all data related to critical services at the university, to ensure restorability.



  1. System owners are responsible for providing the backup requirements to ensure successful recovery of electronic information/data, in the case of data corruption. Such standby arrangements for the work processes of the university must ensure that the work resumes normally within a reasonable period of time, and with minimal loss of data. Furthermore, over time, systems are likely to malfunction for many reasons; therefore, multiple generations of backups should be maintained to ensure continuity of important services.
  2. Microsoft Office 365 Services backup: all services provided by Microsoft Office 365 adopt and apply the data protection policy stated on their site.

Operational Policies and Procedures:

Minimum backup requirements:

  1. All backups of university information/data and software, such as computer operating systems, must be retained and be fully recoverable. This can be accomplished using multiple backup options, like copy backup, full backup, incremental backup, and differential backup.
  2. The frequency and retention periods of backups are determined by the criticality of the information and data. The backup copies must be retained for at least 90 days.
  3. At least three backup versions of UQU information and data must be retained.
  4. At least one fully recoverable backup version of all UQU information and data must be stored in a secure, off-site location.
  5. Only UQU information and data saved on the network server shall be backed up and supported, in accordance with the university backup procedures.
  6. Database recovery procedures must be developed and periodically tested.