Data Management: Backup & Secure
Steps must be taken to protect data from accidental data loss, corruption, and unauthorized access. This includes routinely making additional copies of data files or databases that can be used to restore the original data or for recovery of earlier instances of the data.
Why Are Backups Important?
- Backups help prevent data loss, saving time and money.
- Backups protect against human error, natural disasters, virus attacks, and hardware and power failures.
- Have a backup policy and establish who is responsible.
- Back up metadata along with data.
- Check the copied data after the backup.
- Physical security and computer security are important, especially for sensitive or confidential information.
- Secure sensitive data by sharing metadata only, use codes and encryption, ensure anti-virus and firewall software are up to date, and store data in a physically safe location.
Making backups of collected data is critically important in data management and the data lifecycle. Backups protect against human errors, hardware failure, virus attacks, power failure, and natural disasters. Backups can help save time and money if these failures occur.
Best Practices: Backups
- Understand the existing backup policies within your office or Branch.
- Check with your Science Center or Program IT staff about your backup policies and procedures, as they can vary around the Survey.
- Backups may or may not be part of the data management plan for the group.
- If there is no established policy, create a backup policy.
- Clarify who is responsible for performing backups.
- Specify where the backup data are to be located.
- Establish how to access the files.
- Define how often backups must be done. Again this may be dictated by policy.
- Describe policies for moving the data or how the format may change.
- Perform backups of digital data but also consider digitizing physical documents.
- Automate your backups.
- You can back up single files manually, but it is better to automate the system so that no files are missed and to ensure the backup is performed on a regular schedule.
- Back up the metadata along with the data.
- Locating the backup data:
- Depending on your branch's policy, you may back up data in a designated repository, on an external disk, or a network drive.
- Do not back up on CD and DVD disks as they can easily break or deteriorate.
- Place backups in a location that is different from the original data source to avoid a double loss.
- Checking backups:
- After you back up your data, check the files to make sure the data have been copied and there are no errors in opening the files.
- Make sure the file dates and file sizes are identical to the original copies.
- Perform a checksum, which is a mathematical calculation that can be compared between the backup file and the original file, to verify that they are identical.
- Determine how long to keep your backup.
- This will depend upon requirements and needs.
Securing Your Data
Physical security and computer security of data must be considered in good data management. While it is encouraged to make scientific data available to the public, sometimes confidential or sensitive information must be kept secure.
Best Practices: Data Security
- Share metadata but keep confidential or sensitive information unavailable.
- Create codes to make data anonymous. Keep the data dictionary secure.
- When transferring sensitive data to another party, encrypt the data.
- Make sure your computer has anti-virus and firewall software that updates regularly.
- Make sure data are physically protected in a locked drawer or on a secure network.
Disclaimer: Any use of trade, product, or firm names is for descriptive purposes only and does not imply endorsement by the U.S. Government.
What the U.S. Geological Survey Manual Requires:
The USGS Manual Chapter 600.5 - Information Technology Systems Security - General Requirements, November 2007 establishes policies, assigns responsibilities, and prescribes standards and procedures for the management of the U.S. Geological Survey's (USGS) information technology (IT) system security program.
- All USGS IT facilities and equipment shall be protected against loss, damage, theft, and misuse; and all data processed by USGS IT systems shall be protected against unauthorized disclosure, modification, or destruction. The level of protection shall be commensurate with the criticality of the system to the mission of the organization considering sensitivity of the information created, processed, stored, or transmitted by the IT system.
- Compliance with Federal, Departmental, and Bureau regulations and policies pertaining to IT systems is required. Violations of said regulations and policies shall result in appropriate administrative, disciplinary, or legal action against the violators.
- The USGS IT security handbook and/or Web site maintained by the Bureau IT security office is the authoritative guidance source for USGS standards, procedures, and other related IT security requirements.