(Drafted March 2026. Pending Governing Board Approval)
Backup & Recovery Standard
1. Purpose
This standard defines expectations for backing up and restoring critical Colearn Academy systems and data to support continuity of operations in the event of data loss or system disruption.
2. Scope
This standard applies to identified critical systems and data stores that are under Colearn Academy’s control or for which the School coordinates backup arrangements with service providers.
Operating context: Colearn Academy has no physical building and no school-owned hardware. Critical systems and data are cloud-based; backup and recovery arrangements are with cloud and software providers.
3. Identification of Critical Systems and Data
3.1
Colearn Academy will identify systems and data that are critical to instructional and administrative operations (for example, student information, learning systems, and key financial and operational records). The School maintains backups of essential cloud data and of learning management system (LMS) data, consistent with the critical systems and data identified under this standard.
3.2
Essential cloud data and LMS system data are in scope for backup and recovery. Backup arrangements may be provided by the School’s cloud and LMS vendors or by separate backup services; the Information Security Lead or designee will ensure that backup coverage for these systems is in place and documented.
4. Backup Practices
4.1
Critical systems and data will be backed up on a regular schedule appropriate to their importance and rate of change, using methods supported by the School’s tools and vendors.
4.2
Backups must be protected via physical security or encryption when stored and when moved across the network. This includes remote backups and backups held by cloud services. Colearn Academy does not operate its own backup infrastructure; the School’s backups are held by cloud providers, LMS vendors, or third‑party backup services. The onus for implementing encryption (at rest and in transit) and physical security of backup storage and facilities lies with those providers. The School will ensure that backup and cloud service providers used for critical systems and data implement appropriate protection—including encryption of backup data in transit and at rest and physical security of backup storage—through vendor selection, contract or agreement language, and verification of provider practices where feasible.
4.3
Colearn Academy primarily uses cloud‑hosted (SaaS) platforms. For those systems, the School relies on the providers’ built‑in backup and data‑recovery capabilities and documents key retention and restore options made available by the provider.
4.4
For critical data sets (for example, core SIS and LMS records), the School will maintain at least one additional recovery copy by performing periodic exports to a logically separate storage location with restricted access. This separate copy is not used for day‑to‑day operations and is intended to serve as an isolated recovery source in the event that primary data or provider‑managed backups are unavailable or compromised.
5. Restoration and Testing
5.1
The School will periodically test the ability to restore data from backups for at least select systems or data sets, as resources allow.
5.2
Procedures or notes for restoring critical systems or data should be documented and accessible to appropriate personnel during an incident.
6. Review
This standard will be reviewed at least annually and updated as needed to reflect changes in systems, priorities, or available backup options.