Page 111 - CISSO_Prep_ Guide
configurations, transaction files, operating systems and
applications, patches, and reports.
Backups need to be tested to ensure that they will work when
needed. Keeping one set of backups offsite is a good idea to be
prepared for the loss of the primary information processing
facility. The traditional method of storing backups was on tape,
but tape is a rather slow medium for data recovery.
Third-Party Relationships
Most organizations today use various third-party services to
support their business operations. These can range from cloud
providers to call centers and payroll service companies to
offshore manufacturing.
These relationships pose a unique set of challenges to the security
manager. When the organization's data or intellectual property
is being held offsite, the organization must ensure that its data is
being protected according to laws, policies, and best practices.
Ownership of the organization's data remains with the
organization that received the data initially, even if
the data has been sent to another company. All contracts with
third parties should address the ownership of, and responsibility
for, protection of the data. The contract should address what
jurisdiction will be used for any dispute.
When data is being sent offshore, the organization must verify
that this is acceptable under data privacy laws. The laws of many
countries restrict the movement of their citizens' data to an
offshore location.