Backup Policy

Introduction and Scope

Introduction

The purpose of this policy is as follows:

• To safeguard the information assets of the SPORIFY web application.

• To prevent the loss of data in the case of an accidental deletion or corruption of data, system failure, or disaster.

• To permit timely restoration of information and business processes, should such events occur.

• To manage and secure backup and restoration processes and any media employed in the process.

This policy applies to all servers in the SPORIFY Cloud Environment

The retention periods of information contained within system level backups are designed for recoverability and provide a point-in-time snapshot of information as it existed during the time period defined by system backup policies.

Backup retention periods are in contrast to retention periods defined by legal or business requirements.

System backups are not meant for the following purposes:

• Archiving data for future reference.

• Maintaining a versioned history of data.

Scope

This policy, and supporting procedures, encompasses all system resources and supporting assets that are owned, operated, maintained, or controlled by CorrIT in support of the SPORIFY web application and all other system resources, both internally and externally, that interact with these systems.

Roles and Responsibilities

• CorrIT Ltd will ensure facilities are available.

• CorrIT Ltd will ensure sufficient backup storage, and backup operators, are available and shall take overall responsibility for trust adherence to this policy.

• CorrIT Ltd will ensure backup operators are available, check the backup log for completion, be responsible for the safekeeping and availability of all back-up data and logs.

• CorrIT Ltd will ensure backup logs are completed and signed in a timely manner and investigate any reported exceptions.

Policy

Objectives

This policy is set out to identify how CorrIT Ltd safeguards important information in case of data loss, and to outline backup schedules.

System Backup

SPORIFY is hosted by CorrIT Ltd on the Amazon Cloud (AWS) Platform inside the Amazon EU availability zone. ##### The AWS Services utilised by SPORIFY are:

• EC2 : Amazon Elastic Cloud Compute

• S3: Amazon Data Storage

• RDS: Amazon Relational Database Service

SPORIFY is hosted by Amazon Web Services on infrastructure located within the following regions:

• EU (Ireland) eu-west-1b (Primary)

• EU (Ireland) eu-west-1c (Secondary)

SPORIFY Web Servers

SPORIFY Web Servers hosted with Amazon EC2 will be backed up as follows:

• Daily automated snapshots of all SPORIFY web servers saved to Amazon Storage Volume (S3) at the EU (Ireland) eu-west-1c (Secondary) AWS region.

SPORIFY Databases

SPORIFY Database Servers hosted with Amazon RDS will be backed up as follows:

• Daily automated snapshots of the SPORIFY Database will be saved to an Amazon S3 storage volume (S3) at the EU (Ireland) eu-west-1c (Secondary)

Backup Window

Automated backups typically take no longer than 30 minutes to complete and occur daily during the defined backup windows below. If the backup requires more time than allotted to the backup window, the backup continues after the window ends, until it finishes. The backup window can't overlap with the weekly maintenance window for SPORIFY maintenance. During the automatic backup window, storage I/O might be suspended briefly while the backup process initializes (typically under a few seconds). You may experience elevated latencies for a few minutes during backups.

The following table lists the backup window time blocks for each Amazon availability zone available to SPORIFY services.

Backup Retention Period

This policy refers to how long SPORIFY backups are kept (their retention). Daily backups are kept for 35 days using Amazon S3 storage volumes. No backups are saved beyond this retention period.

Log File Retention Period

This policy refers to how long Amazon AWS log files are kept (their retention). AWS log files may be retained for up to one year for proper administration of systems and statistical analysis of log data.