The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
Ensure that all system data is automatically backed up on a regular basis.
Ensure that all of the organization's key systems are backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system.
Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services.
Ensure that all backups have at least one offline (i.e., not accessible via a network connection) backup destination.