Just wondering what others thoughts are on backup protocols for regulated systems like my example of water/wastewater. I need to develop a policy for us. I just looked at CISA and they recommend 2 backups on different media types with one offsite.
What I am thinking:
- Two project backups after any changes. One in “hot” storage, ie on a network drive. One in “cold” storage, ie external hard drive. This would apply to plc programs, etc too.
- Scheduled data backups. Im thinking weekly data backups saved to a network drive. With monthly data backups saved to removable media.
What are thoughts on taking system images vs backup of individual components? How do other poeple do it ?
Follow IT best practice: The 3-2-1 rule.
The 3-2-1 rule is a foundational data protection strategy designed to reduce risk and improve recoverability. It recommends that you:
- Maintain three copies of your data: This includes the original data plus at least two copies. This ensures redundancy in case one or two copies are corrupted or compromised during a ransomware attack or a hardware failure.
- Use two different types of media for storage: Store your data on two distinct forms of media, such as local storage and cloud, disk and tape. This diversity helps protect against simultaneous failure of a single media type.
- Keep at least one copy off-site: To further ensure data safety, add a geographic and network separation. Whether it’s a public cloud, a remote data center, or an air-gapped vault, the goal is to isolate backup data from any single point of failure or breach within your primary environment.
This rule works because it embraces redundancy, diversity, and isolation—three principles that underpin disaster recovery, cybersecurity readiness, and compliance. By distributing backups across multiple media types and physical or logical locations, organizations significantly reduce the likelihood of catastrophic data loss.
Further to this, learn how backups work and understand the differences between Full - Differential - Incremental backups:
Also realise that different applications require different strategies for backups:
- Databases: This data can be immense in size and also very volatile, are you storing a disk copy or the SQL transaction log?
- Ignition Gateway: This could be the whole OS, equally it could be just the Gateway Backup
- PLC Programs: How do you verify and version control these files? Traditionally these are poor for backup reliability, and require a lot of manual intervention.
5 Likes
Plc version control… who needs that. Just close your eyes, click on a program, and hope its the one actually in the processor.
Never been around b&r. We are all mostly legacy AB, with more and more AD brx as I swap them out.