Data Recovery & Restoration
1.0 Purpose
To minimize security and business continuity risks associated with data loss by defining a sound backup regime for all the data services. This policy aims to:
- Define and apply a clear backup and restore standard for all corporate information systems.
- Define backup and recovery standards per data prioritization.
- Prevent the loss of data in the case of accidental deletion or corruption of data, system failure, or disaster.
2.0 Scope
This policy applies to all information systems owned or operated by Pelcro. It also applies to the entire IT infrastructure of Pelcro and to all employees, contractors, and third-party vendors who have access to IT assets of Pelcro and may be bound by contractual agreements.
3.0 Policy
- All user-level and system-level information maintained by Pelcro shall be backed up periodically. The backup media (if any) and backup copies shall be stored with sufficient protection and proper environmental conditions.
- The frequency and extent of backups must be in accordance with the importance of the information and the acceptable risk as determined by the data owner.
- The backup and recovery process for each system, along with defined roles and responsibilities, must be documented and periodically reviewed.
- Physical access controls implemented at offsite backup storage locations (if applicable) must meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest sensitivity level of information stored.
- Backup copies of operating systems and other critical information system software shall not be stored in the same location as the operational software.
- Backups must be periodically tested to ensure that they are recoverable and to verify data integrity.
- Access to backup data/media must be reviewed annually or when an authorized individual leaves Pelcro.
- Backup information shall be selectively used to restore information system functions as a part of the business continuity process.
- Procedures between Pelcro and the offsite backup storage vendor(s) must be reviewed at least annually.
- All backup data must be stored encrypted using strong encryption mechanisms.
- Backups will include all source code, data, structure, and configurations to re-create a production environment within a matter of hours.
- Pelcro IT department is responsible for the backup of corporate information systems. The DevOps team is responsible for the backup of all customer production environments.
Below is the backup retention schedule:
1. Retain daily backups for 30 days
2. Retain weekly backups for 8 weeks
3. Retain monthly backups for 4 months
4. Retain yearly backups for 10 years
3.1 Review and Testing
On a regular basis, log information generated from each backup job will be reviewed for the following purposes:
- To check for and correct errors.
- To monitor the duration of the backup job.
- To optimize backup performance where possible.
IT and DevOps teams will identify problems and take corrective action to reduce any risks associated with failed backups.
- Random test restores will be done at least once a year in order to verify that backups have been successful.
- IT will maintain records demonstrating the review of logs and test restores so as to demonstrate compliance with this policy for auditing purposes.