Skip to main content

Backup Policy

Version: January 2021

Document history

January 2021Publish Backup Policy as Separated DocumentANBSIBS

Backup Guidelines

Data must be protected, stored in a secure environment and backed up regularly.

Backup Policy & Security

Backup Policy

  • Backups will run automatically every 2 hours
  • Backups will be archived (cold storage) after 24 hours
  • Backups will be permanently excluded (hard delete) after 30 days

Backup Security

Backup security follow the security guidelines, refer to main security document

Encryption at restBackup data must be encrypted using unique encryption keys.

Keys must be stored in a secure enclave HSM hardware.

This ensures that data is not readable by an unauthorized person in the event that the files are compromised.

With encryption at rest databases encrypt the data before storing it into disk

HSM keys access must be protected by IAM keys.
Unique access keysIAM Access keys required to upload and retrieve backup data must be performed different, and separated access roles
Cluster isolationBackups from production environments must be stored in separated buckets
DeletionBackup data must be automatically, permanently deleted after 30 days
No physical mediumBackups are only stored in digital archives, no physical medium such as tapes, disks, external hard drives should be used