11.2
IG1 IG2 IG3

Perform Automated Backups 

Control Group: 11. Data Recovery
Asset Type: Data
Security Function: Recover

Description

Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.

Implementation Checklist

1
Define recovery objectives (RTO/RPO)
2
Implement recovery capabilities and procedures
3
Test recovery procedures on a regular schedule
4
Document recovery procedures and contact information
5
Identify critical data and systems requiring backup
6
Configure automated backup schedules
7
Verify backup integrity and test restoration
8
Store backups securely with offsite/air-gapped copies

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Data Loss from System Failure Without Current Backups

Availability

Hardware failures, storage corruption, or accidental deletion destroy critical data, and without automated backups running on a defined schedule the organization cannot restore to a recent state, resulting in permanent data loss.

Ransomware Recovery Failure Due to Stale Backups

Availability

After a ransomware attack, the organization discovers that backups are weeks or months old because automated backup schedules were never configured, forcing a choice between paying the ransom or accepting significant data loss.

Business Continuity Failure from Manual Backup Neglect

Availability

Manual backup processes are skipped during busy periods, staff transitions, or organizational changes, creating gaps in backup coverage that are only discovered when data recovery is needed during an incident.

Vulnerabilities (When Safeguard Absent)

No Automated Backup Schedule for Enterprise Assets

Critical enterprise data is not backed up on an automated schedule, relying on manual processes that are inconsistently followed, resulting in unpredictable backup currency and unknown recovery point capability.

Incomplete Backup Scope Missing Critical Data Stores

Automated backups cover some systems but miss critical databases, file shares, SaaS application data, or cloud workloads, leaving significant portions of enterprise data without any backup protection.

Evidence Requirements

Type Evidence Item Collection Frequency
Document Recovery plan documentation Reviewed annually
Record Recovery test results and lessons learned Tested quarterly
Technical Backup job status reports and success rates Reviewed weekly
Record Backup restoration test results Tested quarterly
Document Governing policy document (current, approved, communicated) Reviewed annually