Purpose
In order to ensure business continuity in the event of information on Social Workshop Ltd’s systems being destroyed or corrupted, it is vital that the server and associated systems and data are backed up regularly and reliably.
Application Backups
Customer Data
Social Workshop Ltd stores customer data in a secure production account on AWS, using a managed RDS MySQL database.
Social Workshop Ltd performs automatic backups to Amazon S3 of all customer and system data to protect against catastrophic loss due to unforeseen events that impact the entire system. By default, Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects.
An automated process will back up all data to a separate region in the same country (e.g. EU West 2A to EU West 2B). By default, data will be backed up daily. The backups are encrypted in the same way as live production data using industry standard AES-256 encryption. Backups are monitored and alerted by AWS Cloudtrail.
Source Code
Social Workshop Ltd stores its source code in git repositories hosted by Github. Source code repositories are backed up locally on a daily basis. In the event that Github suffers a catastrophic loss of data, source code will be restored from the local backups.
Cloud Service Backups
Social Workshop Ltd has benefitted from beginning operations in a time where cloud computing is mature, and offers benefits which weren’t possible with more traditional computing environments. Therefore, cloud services are carefully selected and utilised wherever possible.
Cloud services always come with a Service Level Agreement (SLA) which must be read and the impact of it must be understood by the Compliance Team. Company controlled backups are not necessary where the service being utilised by the business comes with an acceptable SLA, meaning that data loss is only an outside possibility.
Where services cannot be consumed which already include backups, the company’s backup policy for online cloud services is as follows;
- Data assets must be backed up every day
- Backups must occur within a predictable backup-window
- Backups must be kept for a minimum of 1 week from the date of completion
- Backups must be encrypted in transit and at rest
- Backups must be tested every year to ensure their consistency and reliability
Workstation Backups
It is never permissible to keep the only copy of critical company data on a workstation or endpoint, therefore backups are not mandated for workstations.
However, the use of company provided cloud services such as Google Drive should be encouraged, since these are cloud-managed services and so include backups.
Revision History
| Version | Date | Description of Changes |
|---|---|---|
| V1 | August 16th, 2022 | Initial Creation |
| V2 | August 30th, 2022 | Publication |
