top of page

BACKUPS

1. PURPOSE

The purpose of this SOP is to ensure that all hotel IT systems, data, and operational files are securely backed up, protected, and recoverable in case of system failure, cyberattack, accidental deletion, or disaster.


2. SCOPE

This SOP applies to all IT systems including:

  • File Server data

  • Property Management System (PMS) data (if stored      locally)

  • Accounting and HR system files

  • POS system files (if applicable)

  • Email data (if managed internally)

  • Shared folders and department files

  • Critical hotel operational documents

3. RESPONSIBILITIES

3.1 IT Manager / IT Administrator

  • Responsible for performing and monitoring all backups

  • Ensures secure storage of backup media

  • Maintains backup logs and reports

  • Coordinates with external IT support company

  • Ensures server security and capacity monitoring

3.2 External IT Support Company (if applicable)

  • Conducts scheduled backup audits

  • Performs system health checks

  • Assists in recovery testing and troubleshooting

3.3 General Manager

  • Approves backup policies and disaster recovery      standards

4. BACKUP PROCEDURES

4.1 Backup Storage Security

What to Do:
Ensure all backup files or tapes are stored securely.

How to Do It:

  • All backups must be stored in a locked and secure      location.

  • Backup media must never be stored next to the main File      Server.

  • Access to backup storage must be limited to authorized      IT personnel only.

  • Backup media must be protected from heat, humidity,      dust, and unauthorized access.

Why:
To prevent data loss, theft, or damage during system failures or disasters.

4.2 Backup Scheduling and Frequency

What to Do:
Perform backups according to the hotel backup plan.

How to Do It:

  • Run daily automatic backups using approved backup      software (example: Backup Exec).

  • Ensure full backup is completed at least once per week.

  • Ensure incremental or differential backups are      completed daily (as configured).

  • Backup schedule must be configured to avoid peak      operational hours.

Why:
To ensure business continuity and reduce data loss risk.

4.3 Backup Logging and Documentation

What to Do:
Maintain a backup log for every completed backup.

How to Do It:
Each backup must be recorded with the following details:

  • Date and time of backup

  • Type of backup (full / incremental / differential)

  • Backup location (local storage / tape / cloud)

  • Name of person responsible

  • Confirmation of completion status (success / failed)

  • Any error messages or remarks

Why:
To ensure accountability, traceability, and audit readiness.

4.4 Offsite Backup Storage

What to Do:
Store one backup copy offsite every week.

How to Do It:

  • Once per week, remove one full backup tape or backup      drive and store it offsite.

  • Offsite location must be secure, approved by      management, and protected from theft and fire.

  • The offsite backup must be transported discreetly and      documented in the Offsite Backup Log.

Why:
To ensure hotel data can be recovered even in case of fire, flood, or major server damage onsite.

4.5 Backup Verification and Testing

What to Do:
Check backups regularly to confirm they are usable.

How to Do It:

  • Backup logs generated by the backup software must be      reviewed at least twice per week.

  • IT Manager or contracted support company must check      backup status and error reports.

  • Perform monthly test restore of selected files to      ensure backup data is valid.

  • Record results in the Backup Testing Report.

Why:
A backup is only valuable if it can be successfully restored.

5. FILE SERVER MANAGEMENT PROCEDURES

5.1 File Server Access Control

What to Do:
Ensure the File Server is accessed only by authorized personnel.

How to Do It:

  • Only the IT Administrator may have administrator access      rights to the server.

  • All user accounts must have access based on job role      and department needs.

  • Shared folders must be protected with proper      permissions.

  • Server login credentials must never be shared with      non-IT staff.

  • Server must always be logged out when not in use.

Why:
To protect sensitive hotel data and prevent unauthorized system changes.

5.2 Server Security and System Integrity

What to Do:
Maintain the server in a secure and stable condition.

How to Do It:

  • Ensure antivirus and security updates are active and      updated regularly.

  • Ensure firewall protection is enabled at all times.

  • Ensure only licensed software is installed on the      server.

  • Review system activity logs monthly for unusual      behavior.

Why:
To reduce risk of cyber threats, malware infection, and data breaches.

5.3 UPS Power Supply Requirement

What to Do:
Ensure the File Server is protected by a UPS.

How to Do It:

  • File Server must be connected directly to an      Uninterrupted Power Supply (UPS).

  • UPS battery health must be checked monthly.

  • UPS must be configured for safe shutdown in case of      long power outage.

Why:
To prevent sudden shutdowns, data corruption, and hardware damage.

5.4 Server Storage Capacity Monitoring

What to Do:
Monitor server drive capacity regularly.

How to Do It:

  • Server storage usage must never exceed 75% of total      capacity.

  • IT must review drive usage weekly.

  • If storage reaches 70%, IT must report to management      and plan cleanup or expansion.

  • Old unnecessary files must be archived or deleted only      with department approval.

Why:
To ensure stable performance and prevent server crashes due to insufficient space.

6. BACKUP FAILURE PROCEDURE

What to Do:
Respond immediately if a backup fails.

How to Do It:

  • Review error report from backup software.

  • Attempt to rerun the backup within 24 hours.

  • If the issue continues, notify external IT support      company immediately.

  • Record the failure and corrective action in the Backup      Logbook.

  • Inform General Manager if backup failure continues      beyond 48 hours.

Why:
To ensure hotel data is continuously protected without interruption.

7. DATA RESTORE REQUEST PROCEDURE

What to Do:
Restore files when requested by authorized department heads.

How to Do It:

  • Request must be approved by the Department Head.

  • IT Administrator must confirm the file name, folder      location, and date required.

  • Restore must be completed as soon as possible depending      on urgency.

  • Restored data must be verified by the requesting      department.

  • Restore action must be recorded in the Restore Logbook.

Why:
To ensure proper control, accuracy, and data confidentiality.

8. DOCUMENT CONTROL AND RECORD KEEPING

The IT Department must maintain the following records:

  • Backup Logbook

  • Offsite Backup Logbook

  • Backup Software Reports (Backup Exec reports)

  • Monthly Restore Testing Reports

  • Incident Reports related to backup failure or server      issues

All logs must be kept for at least 12 months.

9. COMPLIANCE

Failure to follow this SOP may result in operational risk and data loss. All IT personnel must follow this SOP strictly, and any deviation must be reported to the IT Manager and General Manager immediately.

CPD Accrediation
UK Learning provider

128 City Road, London, EC1V 2NX

United Kingdom

  • Facebook
  • LinkedIn

Europe Hotel School is operated by Cambridge Hospitality LTD London  United Kingdom with registration number 14997176 and VAT registration number is 452 2702 18. Europe Hotel School trademark registration under Cambridge Hospitality LTD No. UK00003966509.

Privacy Policy & Terms

​

bottom of page