OR-14 IT Operations & Resilience
Backup Storage & Protection
Backup copies are secure and resilient.
- Domain: IT Operations & Resilience
- Control type: Preventive
- Automated / manual: Automated
- Frequency: Continuous
- Framework reference: MAS TRM – Resilience; Cyber Hygiene
What good looks like
Backups encrypted, stored separately, access-restricted and immutable where feasible.
Risk if it fails
Backups compromised/deleted in an attack.
How Tess tests it
3 tests — each concludes only on cited evidence.
Backup protection standard defined
Design
- Procedure: Inspect the standard.
- Expected: Encryption/separation/immutability defined.
- Sample: 1 (design inspection)
- Evidence: Backup-storage configuration, access controls.
Backups encrypted & separated
Operating
- Procedure: Inspect configuration.
- Expected: Encrypted; geo/logically separated.
- Sample: 25 (or full config inspection)
- Evidence: Backup-storage configuration, access controls.
Backups immutable/access-restricted
Operating
- Procedure: Inspect protection.
- Expected: Ransomware-resilient protection.
- Sample: 25 (or full config inspection)
- Evidence: Backup-storage configuration, access controls.
Evidence Tess looks for
Backup-storage configuration, access controls.