BIM.PR.23 — Backup
1. Purpose and Scope
Within the framework of KYS.POL.01 P19 (Information Systems Backup Policy), defines the backup strategy, frequency, retention periods, encryption and test regime for institutional systems.
2. 3-2-1 Strategy
- 3 copies (1 production + 2 backups)
- 2 different media types (disk + tape or disk + cloud)
- 1 copy off-site
3. Backup Frequency
| Data Type | Frequency | Retention |
|---|---|---|
| Databases (OBS, EBYS, Proliz, etc.) | Hourly incremental + daily full | 90 days |
| File servers | Daily | 90 days |
| Mail (Google Workspace) | Native + 3rd-party backup daily | 1 year |
| Virtual machines (image) | Weekly full, daily diff | 30 days |
| Configuration (router, switch) | Every change + weekly | 1 year |
| Code repositories (Git) | Continuous (clone) + weekly off-site | Indefinite |
4. Location
- Primary backup: On-campus primary data centre
- Secondary backup: Secondary campus building (off-site)
- Tertiary backup (critical data): Licensed cloud provider (Turkey data centre)
5. Encryption
All backups are encrypted with AES-256; keys are held on an HSM. Key access is managed via P25 (Cryptographic Controls).
6. Testing and Verification
- Monthly random restore test (sample file/table)
- Quarterly full Disaster Recovery scenario (BİM.PR.06)
- Test results reported to IT Directorate
7. KVKK Compliance
- Backups may contain personal data and are therefore subject to all KVKK principles
- Erasure requests are removed from backups within the 90-day rotation cycle
- KYS.POL.03 + KYS.POL.05 retention table applies
8. Effective Date
26.04.2026; revised January/July.
Hasan Kalyoncu University · IT Directorate
Osmanlı Mah. Havaalanı Yolu Üzeri 8. Km 27010 Şahinbey/Gaziantep
444 6 458 · destek@hku.edu.tr · destek.hku.edu.tr · portal.hku.edu.tr
KEP: hasankalyoncu.unv@hs01.kep.tr