Backup Retention Policy

Franklin & Marshall strives to set an appropriate balance between retention of electronic back up files and tapes to allow for responsible management of our systems and services and the need to eliminate data that should no longer be retained.  What follows outlines our retention policy.

When attempting to make a specific determination as to how long any particular piece of data from an individual user’s account may be retained or recoverable, it is important to keep in mind both the retention policies and procedures outlined below.  And as well, the College’s provisioning/deprovisioning matrix.  This matrix defines how long a user’s account may remain active after they depart and there is some variation based upon user type. (student, faculty, alumni, emeritus, etc.)

Note: At the request of College legal counsel, restrictions on deletion of certain data and/or files, typically referred to as a "litigation hold,"  may be implemented, which would supersede the retention periods outlined in this policy.  Such data and/or files shall be retained by the College until notice from the College's legal counsel.  

Retention of backup files and tapes for data and servers that reside on campus

The College’s data storage environment (Compellent SAN) retains single day snapshots for the previous 30 days.  These snapshots are held on campus and at the College’s Disaster Recovery off-site facility.

Beyond 30 days, the College retains a single monthly full tape backup of data from the College’s data storage environment (Compellent SAN) for the previous 24 months.  These full backups are run the first week of each month.  When a new full backup is created, the oldest tape is then returned to inventory to be overwritten with a future back up or erased and retired if the tape has reached the end of its usable life.  There are never more than 24 months of data on tape available.  Tapes do not leave campus, but instead reside in the College’s tape vault in Shadek-Fackenthal Library, at a distance from the primary data center in Martin Library of the Sciences.

The 30 days of daily snapshots allow for easier full-system recovery in the event of a system failure and give greater capacity to recover to a more specific point in time.  The tape back ups allow for easier single-file or folder retrieval in the event data has been inadvertently deleted. 

This practice impacts the following systems: This is a blanket approach and would cover everything in our VMWare infrastructure.  

Should a documented need arise to retain a Banner backup or snapshot for regulatory or audit purposes that extends beyond this window, data stewards should make the need known to AdminIT as part of College IT governance and IT staff will accommodate.

Retention of Log Files

Log file data is data generated about system events.  This data is valuable when an incident occurs or a problem with a campus system needs to be diagnosed.  However, this data can grow large and can be costly to store.  For this reason, we believe it is important to be specific about the amount of log file data we will retain.  We will retain no more than 24 months of log file data and will monitor and review this as necessary.  There is little impact for campus in setting a log file retention policy.  However, this is helpful data for Information Technology staff.  If a vulnerability was discovered, our capacity to trace backwards would not be greater than 24 months. 

Retention of faculty and staff desktop computer back up data

The College provides faculty and staff with a tool for backing up the data on their desktop computer or laptop.  This is not required, but can be optionally installed.  This backup tool (CrashPlan) is meant to protect an end user’s data in the event their computer suffers a hard disk failure, is stolen, etc.  CrashPlan is also a convenient way for a user to retrieve a file that they have accidentally deleted.

Because CrashPlan is a backup solution and is meant to provide added protection to data that resides on individual users’ computers, it is not further backed up as other campus systems are.  Back up data for a user is maintained for 90 days.  Should a user delete a file and wish to restore it, they could do so for up to 90 days from the time of deletion.  If a user departs the College, their data back up would remain on the system for 12 months.  At that time, their deactivated account would be removed.

Retention and backup for data and systems that reside off campus (Cloud Services)

Google Apps for Education-Retention

With the exception of students who graduate from the College and retiring faculty and staff who retain their account and data for life, all other user accounts are deactivated following the College’s provisioning/deprovisioning matrix.  For non-retiring, non-alumni faculty and staff their account is deactivated on the day of their departure.

When an account is deactivated:

  • All of the user’s mail and Google Docs are retained for 12 months.  At the time of account deactivation, a supervisor or appropriate administrator receives an audit report from ITS.  The report provides information about the Google Docs that had been owned by the departing individual so that supervisor has the opportunity to request their ownership be changed to another individual.  If an individual is retaining their account (emeritus or alumnus/a for example) a second audit report details what documents owned by others were shared with this individual, so that permission can be revised.  This is particularly helpful for situations where a departing colleague is permitted to retain their account but should not have access to shared departmental files. Google Docs and mail are unrecoverable 12 months after an account is deactivated.

Files and messages deleted by an active account-holder:
When a user deletes a message from their Gmail account or a document from their Google Apps account, that message remains in their ‘trash’ for 30 days.  The item is retrievable by the user during that time.  If the user elects to empty the trash before 30 days, the message or file is no longer retrievable by the user.  When a message or file is no longer in the Trash, it can be recovered by an IT administrator for an additional 25 days.  

Google Apps for Education-Back Up
The College does not back up Google Apps for Education data but relies upon Google’s disaster recovery infrastructure to provide added redundancy and recoverability in the event of system failure.  As such, files deleted by users from Google Drive or email, are retrievable as described above.  However they are NOT retrievable for 24 months from back up tapes as is the case for on campus systems.  The only exception to this is if a user is using CrashPlan and enables the Google Desktop Sync Tool and syncs non-Google formatted documents to their computer (examples: PDF, MSWord, XLS.)   Those Google Drive files would be backed up by CrashPlan and would, as a result, be available for 90 days after deletion along with other files from CrashPlan.  The synced files would be retrievable from CrashPlan for 12 months after the individual's account is deactivated similar to other files.

--------

Policy Maintained by: Information Technology Services, Vice President and Chief Information Officer

Last Reviewed: 12 September 2017