| 1. A back-up plan shall be established, documented, and implemented for all systems recording audit records within your C&A boundary. |
2. The audit records shall be backed-up not less than weekly, and if possible, the back-up process should be automated.
3. The back-ups shall be saved to a different system or saved on a different media (e.g., disk, CD, tape) than the system being audited.