Data Recovery & Restoration

1.0 Purpose

To minimize security and business continuity risks associated with data loss by defining a sound backup regime for all the data services. The purpose of this policy aims to provide means to:

• - To define and apply a clear backup and restore standard for all corporate information systems.
• - To define backup and recovery standards per data prioritization.
• - To prevent the loss of data in the case of accidental deletion or corruption of data, system failure, or disaster.
  

2.0 Scope

This policy applies to all information systems owned or operated by Pelcro. It also applies to the entire IT infrastructure of Pelcro and all employees, contractors, and third-party vendors, who have access to IT assets of Pelcro and may be bound by contractual agreements.

3.0 Policy

• - All user-level and system-level information maintained by Pelcro shall be backed up periodically. The backup media (if exists) and backup copies shall be stored with sufficient protection and proper environmental conditions.
  
• - The frequency and extent of backups must be in accordance with the importance of the information and the acceptable risk as determined by the data owner.
  
• - The backup and recovery process for each system along with defined roles and responsibilities must be documented and periodically reviewed.
  
• - Physical access controls implemented at offsite backup storage locations (if applicable) must meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest sensitivity level of information stored.
  
• - Backup copies of operating systems and other critical information system software shall not be stored in the same location as the operational software.
• - Backups must be periodically tested to ensure that they are recoverable and verify data integrity.
  
• - Access to backup data/ media must be reviewed annually or when an authorized individual leaves Pelcro.
  
• - Backup information shall be selectively used to restore information system functions as a part of the business continuity process.
  
• - Procedures between Pelcro and the offsite backup storage vendor(s) must be reviewed at least annually.
  
• - All backup data must be stored encrypted using strong encryption mechanisms.
  
• - Backups will include all source code, data, structure, configurations to re-create a production environment within a matter of hours
• - Pelcro IT department is responsible for the backup of corporate information systems. The DevOps team is responsible for the backup of all customer production environments.
• Below is the backup retention schedule:
  • 1- Retain daily backups for 30 days
  • 2- Retain weekly backups for 8 weeks
  • 3- Retain monthly backups for 4 months
  • 4- Retain yearly backups for 10 years

3.1 Review and Testing

On a regular basis, log information generated from each backup job will be reviewed for the following purposes:

• - To check for and correct errors.
• - To monitor the duration of the backup job.
• - To optimize backup performance where possible.

IT and DevOps teams will identify problems and take corrective action to reduce any risks associated with failed backups.

• - Random test restores will be done at least once a year in order to verify that backups have been successful.
• - IT will maintain records demonstrating the review of logs and test restores so as
• - to demonstrate compliance with this policy for auditing purposes.