Version: Set 2020
|Set 2020||Publish Backup Policy as Separated Document||ANB||SS|
Data must be protected, stored in a secure environment and backed up regularly.
Backup Policy & Security
- Backups will run automatically every 2 hours
- Backups will be archived (cold storage) after 24 hours
- Backups will be permanently excluded (hard delete) after 30 days
Backup security follow the security guidelines, refer to main security document
|Encryption at rest||Backup data must be encrypted using unique encryption keys.|
Keys must be stored in a secure enclave HSM hardware.
This ensures that data is not readable by an unauthorized person in the event that the files are compromised.
With encryption at rest databases encrypt the data before storing it into disk
HSM keys access must be protected by IAM keys.
|Unique access keys||IAM Access keys required to upload and retrieve backup data must be performed different, and separated access roles|
|Cluster isolation||Backups from production environments must be stored in separated buckets|
|Deletion||Backup data must be automatically, permanently deleted after 30 days|
|No physical medium||Backups are only stored in digital archives, no physical medium such as tapes, disks, external hard drives should be used|