15. HealthSafe Backup Policy




BACKUP POLICY



Document Identification 

HSNZ/POL/15

Document Name

Backup Policy

Master Copy

CISO

Version Number

1.3

Date Of Release 

15 Aug 2023

Prepared By

Eparama Tuibenau

CISO

Approved by

Kevin McAfee

Managing Director


 


VERSION HISTORY


Sl No

Version No.

Prepared by

Approved by

Description of Version

Date

Reason for Version Change

From

To

1

1.0

-

CISO

MD

First Release

14 Apr 2020 

No changes made

1

1.0

1.1

CISO

MD

Updated

26 Jun 2021 

Modifications due to changes in HealthSafe

1

1.1

1.2

CISO

MD

Reviewed

28 Jul 2022 

Annual review

1

1.2

1.3

CISO

MD

Reviewed

15 Aug 2023

Annual review


DOCUMENT STATUS


Date

Document Status

14 Apr 2020

Modified

26 Jun 2021

Reviewed

28 Jul 2022

Reviewed

15 Aug 2023

Current


Table of Contents

1 Purpose


2 Scope


3 Input


4 Output


5 Interacting Process


6 Abbreviations, Acronyms and Definitions


7 Procedure


8 Monitoring the Process


9 Records




  1. PURPOSE
    The purpose of this document is to establish and maintain a policy for backups for HealthSafe.

  2. SCOPE
    These procedures apply to all aspects of backup.

  3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS

Abbreviation

Description

FH

Functional Head

IT

Information Technology Department

CISO

Chief Information Security Officer


4 INPUT


To backup business-critical user data and intellectual property data


5 OUTPUT

  • Production environment database backup every 30 minutes
  • Development, production, and test environments databases and files backed up every 24hrs
  • Production files are backed up once a week
  • AMI image server backup every 5 days

6 INTERACTING PROCESS

  • IT 

7 PROCEDURE

  • The IT team has automated the AWS backup process for Source Code, DB, and User Documents stored with HealthSafe NZ server located in Sydney AU.
  • A Backup Log is maintained to ensure the successful completion of backup jobs and for recovery restoration.

Testing of Backup and Scheduled restoration


The IT Team shall verify the backup of critical servers and devices, and applications on a regular basis to ensure the integrity and accuracy of the backup. 


On completion of the restoration process, the files should be checked and integrity verified.  On satisfactory completion of the restoration process.



8 MONITORING THE PROCESS

  • Ensuring the backup set is available and accessible at all times

9 RECORDS

  • Backup log