Hire Now
Log In

Backup Policy

Overview

Objective

The purpose of the Backup and Restore Procedure is to maintain the integrity and availability of information, processing, and communications services of Edge Services and Solutions LLC (herein after called the ‘Company’) and all its subsidiaries’.

Scope and Applicability

This procedure scope includes all the information and associated assets covered within the scope of Information Security Management System (ISMS).

This procedure is applicable to all Company and all its subsidiaries’ information assets, employees, vendors and contractors, who have access to Company information.

Backup

Backup Data and schedule

  • As a best practice, region-wise full snapshot backup of all the cloud-resources shall be taken which covers Database, Applications, Operating system and its configuration settings.
  • Daily full snapshot backup will be taken with a retention period of 7 days.
  • Automatic Backup shall be scheduled for a fixed time every day and the status of the same shall be monitored by Infra Security team
  • Status of the backup shall be filled on regular interval basis in back-up status register by one of the Infra-IT personnel and the same shall be approved by the other Infra-ITpersonnel

Re-run procedures

The system administrator will undertake the following action if the backup job is failed.

S No

Error message

Problem description

Re-run procedure

1

Policy

The backup storage is full.

  1. The backup job will be cancelled manually.
  2. Space for storage has to be enhanced.
  3. The      backup      job      will be modified and the destination of the media is set if needed.
  4. The job is then re-run.

2

Server restart

Where any of the servers defined under the object for backup restarts accidentally during backup run.

  1. The administrator will wait till the server gets restarted.
  2. Once the restart is complete, the backup job will be modified in the backup server

1. The backup job is then re-run.

3

Server Crash

The backup server crash

  1. The backup software will be installed.
  2. The backup process and scheduled will be set
  3. The Backup database will be restored from the previous day backup media.

5. The backup is then re-run.

4

Out of memory      error

Temporary storage inside the server are getting full due to storage of logs from all the microservices

Optimize the process to be less memory extensive. Or increase memory provisioning


Storage of Backup

Cyber Security Manager shall perform audits of backup on a Quarterly basis to ensure that backups are taken as per the procedure and maintained properly.

On-Site Storage
  • On-site data backup shall be maintained with strict access control restrictions. External Hard drive backup shall be stored in fire proof cabinet and controls shall be in place to ensure physical protection against theft, fire and other threats applicable to the storage.
  • The key to the cabinet shall be available only with the ADMIN Manager and with the Cyber Security Head for emergency.

 

Recovery Procedures

Backup Restoration

  • If restoration of a backup is required due to data loss or due to specific requirements, the user shall raise a request for restoration via ITSM tool (JIRA) and the same shall be approved by the Cyber Security Head along with application/data owner. Cyber Security Head and application/data head shall ensure that the user has the right to access the data requested for restoration prior to approving the request.
  • For testing purposes, IT Department personnel shall carry out the restoration process but shall raise the ITSM ticket and should mention the process that shall be carried out for testing. The status of the restoration shall be recorded and the restoration logs shall be maintained.
  • The restoration logs shall be maintained and shall be approved by the respective application owners / process owners.
  • For restoration of emails, a restoration request shall be raised via ITSM with the IT department after obtaining approval from the Cyber Security Head.
  • A log shall be maintained by the IT department, containing the date and time along with the name and signature of the person who requested for the restoration of the data.

Restoration Testing

  • Whenever the Organization upgrades/replaces backup device hardware, data stored on existing backup media is to be transferred to backup media readable by the new backup device hardware.
  • To verify the readability of backup media, readability, mock restoration tests shall be carried out, at least once in 3 months for monthly backup, on separate test servers to ensure that they are effective and that they can be completed within the time allotted in the operational procedures for recovery.
  • The entire process shall be documented detailing the test plan, the activities to be carried out and the test results. The test plan shall be prepared in advance and essentially include using the restored data for application processing.
  • ndividual application owners shall raise request for restoration request and shall be restored through Change Request process. Regular restoration check shall be done on identified internal servers and confirmation is taken from the server owner for the data integrity.
  • The test plan shall be approved by the Cyber Security Head.
  • Testing shall be performed by the IT department. Results of the testing including details on the data that was backed up, information on the date and time of testing, information on whether the restoration testing was successful or unsuccessful shall be documented and a sign off by the backup performer shall be registered. Accurate and complete records of restoration procedures including logs shall be maintained.
  • Cyber Security Head shall verify the documentation and check the test results at end of the restoration exercise. Any Exceptions during restoration testing shall be handled via incident management process.
  • It shall be ensured that the restored data is deleted from the test servers after successful completion of testing.