Backup & Restore Policy
Download PDF
Controlled copy — valid on date of download only
Internal Use
Backup & Restore Policy
Dispel
Document Control
| Item | Details |
|---|---|
| Version | 1.0 |
| Cadence | Annual |
| Policy Owner | Chief Technology Officer |
| Approved By | Chief Executive Officer |
| DCF References | DCF-3, DCF-10, DCF-11, DCF-13, DCF-21, DCF-22, DCF-25, DCF-26, DCF-27, DCF-28, DCF-29, DCF-30, DCF-32, DCF-33, DCF-38, DCF-39, DCF-40, DCF-41, DCF-42, DCF-43, DCF-44, DCF-45, DCF-46, DCF-47, DCF-48, DCF-49, DCF-51, DCF-52, DCF-53, DCF-54, DCF-55, DCF-56, DCF-57, DCF-58, DCF-60, DCF-72, DCF-73, DCF-74, DCF-75, DCF-96, DCF-99, DCF-100, DCF-134 |
1. PURPOSE AND SCOPE
1.1 Purpose
This policy establishes requirements for backup and restoration of Dispel and customer data to support business continuity and recovery from failures, corruption, or disasters.
1.2 Scope
This policy applies to:
- All Dispel-managed production systems, data stores, and repositories that create, receive, store, or transmit Dispel or customer data requiring backup.
- All backup infrastructure and storage locations (including cloud services such as AWS/Heroku and S3).
- Disaster recovery and restore capabilities for critical systems.
1.3 Regulatory and Framework Alignment
| # | Framework / Standard | Relevant Control IDs | Alignment Notes |
|---|---|---|---|
| 1 | SOC 2 | CC5.3, CC7.3, CC7.5 | Supports Trust Services Criteria related to availability, monitoring, incident response, and change management for backup and recovery. |
| 2 | ISO/IEC 27001 | A.5.29, A.5.30, A.8.13 | Supports Annex A controls for information security policies, business continuity, and backup. |
| 3 | NIST SP 800-53 | CP-1, CP-2, CP-3, CP-4, CP-6, CP-7, CP-8, CP-9, CP-10 | Implements Contingency Planning (CP) family controls for contingency planning, backup, alternate storage/processing, and testing. |
| 4 | IEC 62443 | 62443-3-3.SR7.1, 62443-3-3.SR7.2 | Aligns with requirements for backup, restore, and continuity of industrial/OT systems. |
| 5 | HIPAA | 164.308(a)(7) | Supports Security Rule implementation specification for data backup plan, disaster recovery plan, and emergency mode operations when ePHI is in scope. |
2. POLICY STATEMENTS
2.1 Management Commitment
Management Commitment Statement
Senior Management at Dispel is dedicated to the protection of our information assets, industrial control systems, and Protected Health Information (PHI). We assume full accountability for the effectiveness of our security program, ensuring it is integrated into all business processes and aligned with our strategic goals. To maintain compliance with ISO 27001, IEC 62443, HIPAA, and NIST 800-53, we formally commit to:
- Resource Provisioning: Providing the necessary financial, technical, and human resources to sustain a robust security posture.
- Risk-Based Governance: Approving security policies and overseeing a continuous risk management process that prioritizes both data privacy and operational safety.
- Operational Resilience: Supporting the security of industrial automation and control systems (IACS) to ensure safety and reliability.
- Continuous Oversight: Conducting regular management reviews to evaluate program performance, audit results, and opportunities for improvement.
2.2 Primary Policy Statement
Dispel SHALL maintain backup and recovery capabilities that:
- Meet business and regulatory requirements for availability and retention.
- Protect backups with appropriate encryption and access controls.
- Support timely restoration of systems and data in the event of incidents or disasters.
2.3 Secondary Policy Statements
At a minimum, Dispel SHALL:
- Maintain an inventory of systems and data in scope for backup and restoration.
- Ensure that backup coverage, frequency, and retention align with data classification and RTO/RPO requirements.
- Use only approved backup platforms and storage locations.
3. REQUIREMENTS
3.1 Backup Frequency and Coverage
Objective: Ensure that critical systems and data are backed up at a frequency that supports business continuity and regulatory requirements.
Mandatory Activities:
- Production databases and critical systems SHALL be backed up at least every 24 hours; higher-change databases SHALL be backed up more frequently as determined by Engineering / Operations.
- Backups SHALL include the data necessary to reconstruct the system or database state (e.g., snapshots plus WAL/base backups where applicable).
- Operational backups SHALL be retained for at least 30 days unless otherwise justified.
- Backup coverage SHALL be reviewed periodically to ensure new or changed systems are included.
Required Outputs:
- Documented backup configuration and schedules for each critical system.
- Backup job status records and dashboards.
Security Controls: CP-6, CP-9; SOC 2 CC7.x; ISO 27001 A.8.13.
Approval Required: Policy Owner.
3.2 Storage, Encryption, and Access Control
Objective: Protect backups from unauthorized access, disclosure, or tampering.
Mandatory Activities:
- All backups at rest SHALL use strong encryption (e.g., AES-256) with keys managed in accordance with the Encryption Policy.
- All backup traffic in transit SHALL use TLS 1.2 or higher.
- Backups SHALL be stored on highly available storage (e.g., encrypted S3 buckets) and, where appropriate, replicated across regions.
- Access to backup platforms and configurations SHALL require RBAC and MFA.
- Administrative access to production data for routine operations SHALL be restricted; emergency access (e.g., forensic analysis, manual disaster recovery) SHALL be formally approved and logged.
Required Outputs:
- Encryption configuration documentation and key management references.
- Access control lists and roles for backup systems.
Security Controls: SC-12, SC-13; SOC 2 CC6.x.
Approval Required: Security Officer, Policy Owner.
3.3 Testing, Monitoring, and RTO/RPO
Objective: Validate that backups can be restored and meet defined recovery objectives.
Mandatory Activities:
- Restore tests from backups SHALL be performed at least quarterly and after significant changes.
- Backup jobs SHALL be monitored, and failures SHALL trigger alerts and incident investigation.
- RTO and RPO targets for critical systems SHALL be defined and documented.
- Periodic reviews SHALL verify that observed restore performance meets defined RTO/RPO targets.
Required Outputs:
- Restore test reports.
- Documented RTO/RPO values by system tier.
Security Controls: CP-4, CP-6, CP-9.
Approval Required: Policy Owner, Engineering / Operations.
4. ROLES AND RESPONSIBILITIES
4.1 Engineering / Operations
Responsibilities:
- Implement and monitor backup jobs for production systems and data stores.
- Perform periodic restore tests and document results.
- Investigate and remediate backup failures.
- Maintain documentation of backup configurations and RTO/RPO values.
4.2 Security / Compliance
Responsibilities:
- Verify that backup design, frequency, retention, and storage meet this policy and framework requirements.
- Review backup monitoring and incident reports.
- Coordinate evidence collection during audits.
4.3 System Owners
Responsibilities:
- Ensure systems under their responsibility are included in the backup inventory and correctly classified.
- Work with Engineering / Operations to set system-specific RTO/RPO requirements.
- Validate that their systems’ data can be restored within agreed timeframes.
5. PROCEDURES
5.1 High-Level Backup and Recovery Procedure
| Step | Action | Responsible Party | Timeframe |
|---|---|---|---|
| 1 | Configure and schedule backups for each production system according to classification and RPO requirements. | Engineering / Operations | During system onboarding and significant changes |
| 2 | Monitor backup jobs and respond to failures; create incidents when backups fail or appear corrupted. | Engineering / Operations | Daily |
| 3 | Perform restore tests from backups to validate integrity and procedures. | Engineering / Operations | At least quarterly |
| 4 | Review backup coverage and retention against Data Classification and Data Retention Policies. | Security / Compliance; System Owners | At least annually |
| 5 | Document backup and recovery incidents, lessons learned, and resulting improvements. | Engineering / Operations; Security / Compliance | After each significant incident |
6. MONITORING AND COMPLIANCE
6.1 Compliance Monitoring
Compliance with this policy SHALL be monitored through:
- Regular review of backup job status and failure alerts.
- Periodic review of restore test reports.
- Internal audits comparing backup configurations against this policy, the Data Classification Policy, and the Data Retention Policy.
6.2 Metrics and Reporting
| Metric | Frequency | Owner |
|---|---|---|
| Backup success rate | Monthly | Engineering / Operations |
| Restore test success rate | Quarterly | Engineering / Operations |
| Number of backup-related incidents | Quarterly | Security / Compliance |
| Exceptions to backup policy | Quarterly | Policy Owner |
6.3 Non-Compliance Consequences
Failure to comply with this policy may result in:
- Corrective and preventive actions.
- Disciplinary measures up to and including termination.
- Additional technical or procedural remediation.
7. EXCEPTIONS AND WAIVERS
7.1 Exception Process
Exceptions to this policy SHALL:
- Be submitted in writing by the requesting party.
- Include detailed justification and business impact.
- Describe compensating controls or mitigation measures.
- Define exception duration and remediation plan.
7.2 Exception Approval Authority
| Risk Level | Approval Authority |
|---|---|
| Low | Policy Owner |
| Medium | Policy Owner and Security Officer |
| High | Policy Owner, Security Officer, and Compliance Officer |
| Critical | Executive Management |
8. DEFINITIONS
Backup: A copy of data stored for the purpose of recovery in case of loss, corruption, or disaster.
RTO (Recovery Time Objective): The maximum acceptable time required to restore a service after an outage.
RPO (Recovery Point Objective): The maximum acceptable amount of data loss measured in time.
Production System: Any system that processes, stores, or transmits live Dispel or customer data.
9. REFERENCES
9.1 Internal References
- Backup Policy
- Data Classification Policy
- Data Retention Policy
- Encryption Policy
- Incident Response Policy
9.2 External References
- NIST SP 800-34, Contingency Planning Guide for Federal Information Systems
- NIST SP 800-53, Contingency Planning (CP) family
- ISO/IEC 27001 Annex A.8.13 – Information backup
10. DOCUMENT HISTORY
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2022-01-01 | Ethan Schmertzler | Initial Creation |
| 2.0 | 2022-01-14 | Ethan Schmertzler | Approved |
| 3.0 | 2022-12-10 | Stefan Kristensen | Updated to reflect operational changes |
| 4.0 | 2025-01-06 | Stefan Kristensen | Approved |
11. APPROVAL SIGNATURES
| Role | Name | Signature | Date |
|---|---|---|---|
| Policy Owner | |||
| Security Officer | |||
| Compliance Officer |
END OF POLICY
APPENDICES
Appendix A: Backup and RTO/RPO Examples
| System Tier | RTO | RPO |
|---|---|---|
| Critical Online Services | 2 hours | 15 minutes |
| Support Functions | 1 day | 1 hour |
| Billing Systems | 2 days | 15 minutes |
| Network Services | 24–48 hours | N/A |
Appendix B: Platform-Specific Backup Notes
- Databases (AWS/Heroku): Snapshots, base backups, and WAL files persisted to S3; continuous protection and automated backup monitoring via Heroku Postgres.
- Source Code (GitHub): Source code stored in Git repositories hosted by GitHub, which is responsible for repository backup and redundancy.