As part of the ICT risk management framework, financial entities shall adopt backup policies and procedures specifying the scope of the data that is subject to the backup and the minimum frequency of the backup, based on the criticality of information or the confidentiality level of the data.
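Policy document defining backup strategies, retention periods, restoration procedures, and testing requirements for ICT systems as required by DORA Article 13. The schema below requires only policy_version, effective_date, backup_frequency, retention_period_days and last_restoration_test_date; covers_all_critical_systems, has_immutable_backups, restoration_rto_hours and restoration_test_successful are optional, so a record can validate without stating whether the last restoration test succeeded or whether immutable backups exist.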
backup-policy | fs-backup-policy-status | DORA-Art13-P1 | effective_date | retention_period_days | last_restoration_test_date
{
"properties": {
"backup_frequency": {
"enum": [
"hourly",
"daily",
"weekly"
],
"type": "string"
},
"covers_all_critical_systems": {
"type": "boolean"
},
"effective_date": {
"format": "date",
"type": "string"
},
"has_immutable_backups": {
"type": "boolean"
},
"last_restoration_test_date": {
"format": "date",
"type": "string"
},
"policy_version": {
"type": "string"
},
"restoration_rto_hours": {
"minimum": 0,
"type": "number"
},
"restoration_test_successful": {
"type": "boolean"
},
"retention_period_days": {
"minimum": 1,
"type": "integer"
}
},
"required": [
"policy_version",
"effective_date",
"backup_frequency",
"retention_period_days",
"last_restoration_test_date"
],
"type": "object"
}