What counts as compliant backup media? Does RAID 1 or a copy within the same PC count as compliant backup media?

Digest   2024-08-06 06:51   Liaoning

1. Opening

Recently I ran into a very practical question: does RAID 1 or a copy within the same PC count as compliant backup media, and should it be recorded in the backup media inventory?

When a concept is unclear, ask the regulations and guidance first. Spoiler: disaster recovery / replication / high availability within the same physical entity does not fall under the concept of "backup".

1.1 FDA DI guideline Question 1.4: "Temporary backup copies (e.g., in case of a computer crash or other interruption) would not satisfy the requirement in § 211.68(b) to maintain a backup file of data."

1.2 GAMP5 2nd Edition

The backup storage location should be different from the original physical location, and the various risks should be considered...

1.3 Replies from ISPE, and a summary

Also, what I'm best at is pulling people in, all sorts of industry heavyweights. A summary comes first; selected excerpts of the actual replies follow below.

The replies point out that these scenarios do not satisfy the "backup" requirement, stressing that a backup should ensure the integrity and availability of the data and should be stored on external media. They also recommend the 3-2-1 backup method: 3 copies of the data, 2 different types of media, and 1 copy offsite. A backup should be judged on the ability to rebuild the system in the face of a disaster, so it must not physically overlap 100% with the original.

Also, regarding the classic "3-2-1" backup principle: many compliance folks have asked where it comes from. Thanks to Steven, a data protection expert of twenty years, for the answer: it came from a photographer... haha... people who do photography really do need data security and backups (an old joke)...




2. Replies from ISPE

Simon's question:

As the FDA DI guideline Question 1.4 says: "Temporary backup copies (e.g., in case of a computer crash or other interruption) would not satisfy the requirement in § 211.68(b) to maintain a backup file of data."

So I have three scenarios:

1. Data copy from Drive C to Drive D (in the same PC) via auto batch

2. RAID 1

3. High availability, like two nodes with data transfer

So do you think the above three scenarios count as a "backup" (which complies with regulatory requirements)? If so, how should its media be recorded?


Reply 1:

Hi Simon,

I agree that the FDA statements related to backup are not really clear.

Here is a, hopefully, better definition:

  • Backup is the process of copying records, data, configuration, and software to protect against loss of integrity or availability of the original.

  • The purpose of backup is to protect the system against damages and failures.

  • Backup is a short term process.

Backup

In order to achieve the objective to protect data against loss and damages, the data must be copied onto external media. The latter could be a removable drive, a network partition, or a central backup server repository. The most important requirement is to ensure the consistency of the backed-up data in order to make it possible to restore them. In particular, in the case of database-based data, measures must be identified and implemented to secure data consistency, otherwise the backup data set is useless.

Backup SHALL NOT be confused with archiving.

  • Backup is a process for securing data (including their integrity) on a short term basis.

  • Archiving is a process for securing long term availability and readability of the data required to be retained.

Copy from C to D

The only (valid) reason for copying data from one local partition to another local partition is the ability to generate a local snapshot, which can be performed relatively quickly if performed locally, and afterwards to back up the snapshot data from D to an external media/repository.

You must be aware that such a local process does not really protect data against damages, since a hardware failure will impact all data stored on the same hardware and, in case of malware attacks, all locally stored data will be compromised.

It is the reason why the data MUST be backed up on an external media/repository.

AND, after the backup is performed, this external repository MUST be unmounted; i.e. in case the system were compromised, the backed-up data sets would not be accessible and so would not become compromised as well.

RAID 1

A RAID 1 configuration requires having, at least, two physical disks; these disks will be mirrored in real time.

Long story short, with RAID 1 it is only possible to increase the availability of the system, as long as the system has not been compromised. RAID 1 will make it possible to survive a disk failure, but not if the data have been compromised.

RAID 1 CANNOT replace a backup process.

High availability based on cluster

Again, such a configuration is only helpful for improving the overall system availability, but it will not improve in any way the protection of the data against damages. If one of the cluster nodes has been compromised, the data shared by the nodes are compromised as well.

Improving system availability is not equivalent to improving data protection!

Don't forget that backup & restore processes must be validated; i.e. they must have been formally tested and verified (ideally during the initial qualification/validation activities):

  • Ability to generate a backup

  • Ability to restore the backed-up data

  • Integrity verification of the backed-up data.

Additionally:

  • Backup processes must be accurately monitored.

  • Backup & Restore processes must be trained and regularly exercised by the relevant personnel.

    • Such exercises can be used for supporting the regular monitoring/verification of these processes as required by Annex 11, 7.2.
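The three validation points in the reply above (generate a backup, restore it, verify the integrity of the backed-up data), together with the "snapshot locally, then write to an external repository" flow, as an added example that is not part of the original post or of any respondent's reply. It assumes only the Python standard library: the source system and the external repository are stand-in temporary directories, and the records are constructed sample data. The second half deliberately corrupts the archive on the repository to show what the integrity check catches.

```python
"""Backup / restore / integrity-verification walk-through.

Added example, not code from the original post nor from any of the ISPE
respondents. Standard library only; the "source system" and the "external
backup repository" are simulated with temporary directories, and the sample
records are constructed for the demo.
"""
from __future__ import annotations

import hashlib
import json
import tarfile
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 so large backup sets do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, repo: Path, name: str) -> tuple[Path, Path]:
    """Validation point 1: generate the backup.

    Hash the data set before archiving, write the archive to the external
    repository, and record both the per-file hashes and the hash of the archive
    itself in a manifest. Returns (archive, manifest)."""
    files = build_manifest(source)
    archive = repo / f"{name}.tar"
    with tarfile.open(archive, "w") as tar:
        for rel in files:  # deterministic member order
            tar.add(source / rel, arcname=rel)
    manifest = repo / f"{name}.manifest.json"
    manifest.write_text(json.dumps(
        {"files": files, "archive_sha256": sha256_file(archive)},
        indent=2, sort_keys=True))
    return archive, manifest


def verify_archive(archive: Path, manifest: Path) -> bool:
    """Validation point 3, media side: detect bit-rot or tampering of the archive
    on the repository before anyone attempts a restore."""
    meta = json.loads(manifest.read_text())
    return sha256_file(archive) == meta["archive_sha256"]


def restore_and_verify(archive: Path, manifest: Path, target: Path) -> list[str]:
    """Validation points 2 and 3: restore into `target` and return the relative
    paths that are missing, extra, or whose content differs from the manifest.
    An empty list means the restore is verified."""
    meta = json.loads(manifest.read_text())
    # The 'data' filter (3.12+, backported to maintenance releases) refuses path traversal.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r") as tar:
        tar.extractall(target, **extract_opts)
    expected, restored = meta["files"], build_manifest(target)
    bad = set(expected) ^ set(restored)
    bad |= {rel for rel in expected.keys() & restored.keys() if expected[rel] != restored[rel]}
    return sorted(bad)


def demo() -> dict:
    """Run the full cycle, then repeat it against a deliberately corrupted archive."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source, repo = tmp / "source_D", tmp / "external_repo"
        (source / "records").mkdir(parents=True)
        repo.mkdir()
        # Constructed sample data standing in for GxP records.
        (source / "records" / "batch_record.csv").write_text(
            "lot,result\nLOT-2024-001,pass\nLOT-2024-002,pass\n")
        (source / "audit_trail.log").write_text(
            "2024-08-06T06:51:00 user=simon action=approve lot=LOT-2024-001\n")

        archive, manifest = create_backup(source, repo, "nightly")
        results = {
            "archive_verified": verify_archive(archive, manifest),
            "restore_mismatches": restore_and_verify(archive, manifest, tmp / "restore_1"),
        }

        # Simulate silent corruption (bad sector, or malware that reached a
        # still-mounted repository): flip one byte inside the CSV member's content.
        data = bytearray(archive.read_bytes())
        data[data.find(b"LOT-2024-002")] ^= 0xFF
        archive.write_bytes(bytes(data))
        results["tampered_archive_verified"] = verify_archive(archive, manifest)
        results["tampered_restore_mismatches"] = restore_and_verify(
            archive, manifest, tmp / "restore_2")
        return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it shows the clean cycle verifying end to end, and then a single flipped byte on the repository making `verify_archive` fail and the restore check naming the damaged file. In a real process the manifest belongs on different media from the archive (and the repository gets unmounted after the run, as the reply says), otherwise whatever corrupts the archive can simply rewrite the manifest to match.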


Reply 2:

The approach I have used, when feasible, is called the 3-2-1 approach.

3 copies of the data

2 different types of "media"

1 copy offsite

It may seem a little complicated but it's not really. The basic idea is that you should plan for the computer, or even worse, the entire building the computer is housed in, to go up in flames and be completely unrecoverable. How do you guard against this? First, to guard against the single computer disaster you back up your data to something that is not located in the computer. This could be something as simple as a USB drive attached to the computer or, even better, network storage within the same building or campus. The second step is the most critical. Replicate the backup to somewhere outside the building, or even better, off the company campus. For most people this would be the cloud. Why would you back up to a local USB (or network storage) instead of straight to the cloud? It will typically be faster to recover from local backups in the most common scenario, which is that the computer needs a simple restoration.

@Yves Samson, thanks for pointing that out, and yes I did leave some detail in the middle out of the discussion for simplicity, to illustrate the basic point that you should look to get your backed-up data "off site" or at least "out of the building" in some way. There are certainly technical solutions to moving data from OT systems to the cloud through a few hops, even if they do cause some operational complexity and cost.


Reply 3:

None of the above qualifies as a backup, sorry. 🫤

The good news is: it's not rocket science, any seasoned IT person will know how to do it. Instead of providing THE answer, my recommendation is to search reliable sources on the internet for terms like 'backup strategy' ...

(Well, the German BSI may be one of the better sources: Backups – what's the best approach?. And no worries, while the URL comes in German, the content is in English 😉)



Reply 4:

Backups of data are needed to rebuild the entire system... in case of disaster.

Disaster might be simple, like a disk failure; in that case a RAID solution might solve the issue.

However, it also might be more widespread. Computer ransom, data ransom, earthquake, floods or fire are just quick examples I thought of. You will likely think of a lot more, with a bit of 'critical thinking'.

The answer to your question lies in "Would this IT based solution help me rebuild all my data in case of ......?"

Apart from hard disk failure, I feel your suggested solutions might fall short of a solution to protect your very valuable data.

(N.B. Having worked with solutions where data backup may need to be reinstalled into updated versions of software, IT / file based 'backups' become even less useful. Can you restore your contents from a BlackBerry phone into an iPhone?)


A couple of asides

A burst of words, then off to work; another energetic day. Lately I've been thinking about how to cultivate the youngsters' "critical thinking". The regulation and guidance package has already been handed down; what remains is telling them to search efficiently first, before anything else... My former boss, Mr. He, once told me to slowly copy out the skills I know, for others... so let's copy slowly... Peace & Love




BasicPharma搬砖工
A solo practitioner, not a team, not a consulting firm; these are Simon's personal study notes, and discussion and learning together are welcome. Disclaimer: all articles are solely Simon's own thoughts, unrelated to any company/organization/individual; they may be incomplete and are subject to change, please bear with me.