DATA-07

Do backups containing the institution's data ever leave the institution's data zone either physically or via network routing?

Explanation

This question asks whether backup copies of the institution's data are ever stored or transmitted outside of the institution's controlled environment (data zone). The 'data zone' refers to the physical and network boundaries where the institution maintains direct control over its data.

The question is important for security assessments because backups represent complete copies of sensitive data that could be compromised if not properly secured. When backups leave the institution's controlled environment, they introduce additional security risks including:

1. Potential exposure during transit (physical or network)
2. Storage in locations with potentially different security controls
3. Possible jurisdictional or compliance issues if data crosses geographic boundaries
4. Increased attack surface for data breaches

To best answer this question, you should:

- Be transparent about whether backups leave the institution's environment
- If they do leave, explain the security controls in place to protect the data (encryption, secure transport methods, etc.)
- Describe any third-party backup services used and their security certifications
- Mention any contractual protections in place with backup service providers
- Note any geographic considerations (data sovereignty) for backup storage locations

Example Responses

Example Response 1

Yes, our backup solution does involve data leaving the institution's data zone. We use Amazon Web Services (AWS) S3 for our off-site backup storage. All data is encrypted using AES-256 encryption before transmission, and the encryption keys are managed through AWS KMS with strict access controls. Data is transmitted over TLS 1.2+ encrypted connections. Our backup service provider maintains SOC 2 Type II, ISO 27001, and FedRAMP certifications. We have contractual agreements ensuring the data remains within the continental United States to address data sovereignty requirements. Access to these backups requires multi-factor authentication and is limited to authorized personnel only.

Example Response 2

No, all backups containing institution data remain within our controlled data zones. We maintain two physically separate data centers (primary and secondary) that are both owned and operated by our organization. Backup data is replicated between these facilities over a private, encrypted network connection that does not traverse the public internet. Both facilities implement the same security controls and access restrictions. Our backup infrastructure is air-gapped from our production environment to protect against ransomware attacks, but remains within our physical security perimeter and network boundaries at all times.

Example Response 3

Yes, but only in limited circumstances. Our primary backup strategy keeps all data within our controlled environment. However, for disaster recovery purposes, we maintain quarterly archival backups that are stored with Iron Mountain's secure offline storage service. These physical backups are encrypted using FIPS 140-2 validated encryption before leaving our facility and are transported in secure, GPS-tracked vehicles by bonded couriers. We recognize this represents a potential security risk, but we've determined that the business continuity benefits outweigh the risks given the security controls in place. We're currently evaluating transitioning to a fully digital backup solution that would eliminate physical transport in the next fiscal year.

Context

Tab: Product
Category: Data

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub