Backup & Recovery Policy and Procedure

 

Scope

The Backup & Recovery Policy and Procedure shall be applied to all critical information systems and services that fall within the scope of Evercam ISMS.

1. Policy statement

Evercam is committed to ensuring the availability, integrity, and security of our ICT systems and data. As such, regular and reliable backups are essential to mitigate information security risks and threats. Evercam ensures that all essential business information and software are backed up to allow recovery from

This policy outlines the procedures and responsibilities for implementing and maintaining a comprehensive backup and recovery strategy in line with our business, legal, regulatory, and contractual requirements.

Key points

Responsibilities

All users have an individual responsibility to ensure that:

Paper-Based Data

All Essential Company data whose master copy is in paper format is stored in the following locations:

Electronic-Based Data

It is the responsibility of each user to ensure that electronic-based data is properly stored to ensure backup and recovery. The appropriate manager is responsible for ensuring that suitable backup & recovery procedures are in place. For a summary of Evercam key electronic system backups refer to the table below. 

 

Evercam core systems backups 

System

Type of data

Location

Frequency of backup

Person in charge

Zoho People

Employee data

Cloud and Zoho data centres 

every 7 days

Director of Support

Zoho Email

Employee and customer data

Cloud and Zoho data centres 

Evercam has an e-discovery policy enabled for email which means that all emails even if they have been deleted are retained. A default retention policy is enabled which states that all emails (including spam/deleted) will be retained for 365 days.

Director of Support

Zoho CRM

Customer data

Cloud and Zoho data centres 

2 times a month

Director of Support

Zoho Analytics

Customer and employee data

Cloud and Zoho data centres 

every 7 days

Director of Support

Google Drive

Customer and employee data

Cloud and Google data centres 

real-time

Director of Support

GitHub

Evercam Source code

Cloud and data centres in USA (Seattle and Northern Virginia)

real-time

CTO

Hetzner Servers

Customer data (recordings)

Hetzner: Am Datacenter-Park 1, 08223 Falkenstein/Vogtland, Germany

ZFS File System is in place Additional backup in edge Evercam kits storage (NVR)

CTO

Heroku Servers

Customer data

Amazon AWS cloud datacenter in Ireland

every 7 days

CTO

AWS Servers

Customer data (users’ passwords and credentials, projects, links between cameras and users, and events managed by the Evercam platform)

AWS: Burlington Rd, Dublin 4, D04 HH21, Ireland

Database servers on AWS are managed by Heroku, and automatic backups are included in the AWS Plan (SLA).

CTO

 

2. Backup and Recovery Procedure 

In line with our ISMS Evercam follows the Business Continuity Policy and Incident Response Procedure in the event of disasters, data loss, cyber-attacks, hardware, media, and/or system failures etc. To recover from such a situation one must escalate through a series of procedures until a satisfactory restoration is met. As Evercam is a remote-first company this procedure covers the backup and restoration of electronic data held on external servers. Paper-based data is NOT covered by this procedure. 

Responsibility

It is the Technology Lead and Director of Support responsibility to manage, monitor, and audit the backup and recovery procedures for data held on designated servers. 

Scope 

The backup and restore procedures are essential to our business. Their primary purpose is to aid in disaster recovery to minimize the amount of data lost after a disaster has occurred e.g.  equipment failure, data corruption, loss of power, etc. Their secondary purpose is to allow the recovery  of specific files requested by individuals. This document outlines the step-by-step procedures for conducting backups and performing data recovery in Evercam. These procedures are designed to ensure the availability, integrity, and security of critical data and systems.

Backup procedure 

1. Data Classification and Selection

Identify and classify data based on its criticality and importance. Prioritise critical systems, databases, source code, and user data for regular backups.

2. Backup Schedule

Please refer to the table above on p. 4. 

3. Backup Methods

Select an appropriate backup method:

4. Backup Execution

System administrators will initiate backups using the designated backup software or tools (contacting a dedicated support contact for third-party systems) 

5. Ensure backups are stored in designated backup storage locations

Types of backup retention:

Regularly monitor and manage backup storage to ensure sufficient space.

6. Offsite Storage

Store a copy of backups off-site in a secure and controlled environment. Maintain a documented inventory of off-site backup storage.

Email backup 

Evercam has enabled eDiscovery, Email Retention, and backup for our Zoho mail server.  An email retention policy and eDiscovery help Evercam to stay compliant with retention laws, handle lawsuits and litigations, avoid witness tampering, and investigate theft of information or contractual disputes. 

In summary, our email backup is:

Database (server) backup 

Evercam database covering users’ passwords and credentials, projects, links between cameras and users, and events managed by the Evercam platform is backed up in AWS servers automatically with Heroku as the main interface to manage backups. The availability and durability levels of the AWS backups are guaranteed through SLA. 

Evercam follows a two-fold strategy:

  1. The database is backed up in regular intervals: weekly (managed by Heroku and stored in AWS).
  2. A real-time copy of each second of the last 4 days is generated every 4 days (managed by Heroku and stored in AWS).

The customer recordings from the site are stored in Hertzner servers. To ensure the backup full frame recordings can be retrieved from hard drives and NVR installed locally in the Evercam kit on site. These can be accessed remotely to retrieve the necessary data. To monitor the performance Evercam relies on Grafana as a tool to query and visualize logs and metrics. It allows us to control our hard drives’ performance metrics remotely. Grafana is used daily by our Dev team. Evercam relies also on Prometheus as a system that alerts DevOps (via email) about issues and irregularities (when a metric is going above/beyond a threshold) when it comes to our hard drives. Prometheus is used to collect metrics from servers (CPU, Memory, Network, and Storage).

Emergency response

In case of emergency (hardware issues such as loss of a hard drive) the procedure is to email Hetzner support system support@hetzner.com

Code backup 

Evercam source code is stored on Github with Cloud servers located in the USA (Seattle and Northern Virginia). Regular automated backups of code repositories are performed in real-time. Backups must be encrypted during transmission and storage to protect sensitive code and data from unauthorized access. Periodic restoration tests should be conducted to ensure the viability of backups for recovery purposes.

Developers are responsible for committing their code to the designated repositories and ensuring that the code is up-to-date. Regular commits reduce the risk of code loss.

By adhering to this Code Backup Policy, we aim to maintain the integrity of our code repositories and enable swift recovery in the face of data loss or other unforeseen events. This policy underscores our commitment to data security, continuous availability, and the overall success of our development efforts.

Recovery Procedures

1. Data Restoration

In case of data loss or system failure, follow these steps for data recovery:

2. Disaster Recovery

In the event of a larger-scale disruption, such as a system-wide failure or disaster, follow these steps:

To identify the best recovery methods to use, the following data is required:

Depending on the answers above, the best recovery method is applied. Time is important and the quicker the loss/corruption is found, the quicker the recovery will be.

Testing and Monitoring

Backup Testing

Regularly perform test restores from backups to ensure data recoverability. Document and address any issues identified during testing.

Backup Monitoring

Continuously monitor backup logs for any failures or errors. Investigate and resolve backup issues promptly.

Documentation and Reporting

Maintain comprehensive documentation of backup and recovery procedures, including schedules, methods, and test results. Provide regular reports to management on the status of backups, recoveries, and any incidents.

Training

Ensure that system administrators are trained on the proper execution of backup and recovery procedures. Conduct regular training sessions and refresher courses as needed.

Review and Update

Regularly review and update this procedure to reflect changes in technology, data needs, and company requirements.