06e663b691
- Introduced a comprehensive suite of security documents to support ISO/IEC 27001 certification, including the ISMS Foundation, Risk Assessment Matrix, Gap Analysis Report, Statement of Applicability, and ISO27001 Roadmap. - Updated the README to include links to the new security documentation, enhancing the project's compliance framework and providing clear guidance on security policies and procedures. This addition strengthens the overall security posture of the Tender Management System and aligns with industry standards for information security management.
5.4 KiB
5.4 KiB
Backup & Recovery Policy
| Field | Value |
|---|---|
| Document ID | POL-004 |
| Version | 1.0 |
| Status | Draft — Pending approval |
| Owner | DevOps Lead |
| Maintained By | DevOps Lead |
| Effective Date | Pending approval |
| Review Cycle | Annual |
| ISO 27001 Reference | A.8.13 — Information backup |
Related: Information Security Policy | Incident Response Plan
1. Purpose
This policy defines backup requirements, retention periods, and recovery objectives for Tender Management System data to ensure business continuity and data protection.
2. Scope
Covers backup and recovery for:
| Asset | ID | Backup Method |
|---|---|---|
MongoDB (tm database) |
A-001 | Automated snapshots / mongodump |
| MinIO object storage | A-003 | Bucket replication or periodic sync |
| Redis | A-002 | RDB snapshots (cache — lower priority) |
| Application configuration | A-010 | Version-controlled templates; secrets in vault |
| Application logs | A-011 | Log aggregator retention |
3. Recovery Objectives
| Metric | Definition | Target |
|---|---|---|
| RTO (Recovery Time Objective) | Maximum acceptable downtime | 4 hours (production API) |
| RPO (Recovery Point Objective) | Maximum acceptable data loss | 1 hour (MongoDB); 24 hours (MinIO documents) |
RTO/RPO are reviewed annually and after major architecture changes.
4. Backup Requirements
4.1 MongoDB
| Parameter | Requirement |
|---|---|
| Frequency | Continuous oplog / hourly snapshots (production) |
| Retention | Daily: 30 days; Weekly: 12 weeks; Monthly: 12 months |
| Storage | Separate region/account from production |
| Encryption | Encrypted at rest (AES-256 or provider equivalent) |
| Access | DevOps Lead + break-glass only |
Collections in scope: companies, customers, users, tenders, notices, feedback, notifications, and all domain collections.
4.2 MinIO
| Parameter | Requirement |
|---|---|
| Frequency | Daily incremental; weekly full sync |
| Retention | 30 days rolling |
| Scope | files and documents buckets (company docs, tender JSON, translations) |
| Encryption | Server-side encryption enabled |
| Versioning | Bucket versioning enabled where supported |
4.3 Redis
| Parameter | Requirement |
|---|---|
| Frequency | Daily RDB snapshot |
| Retention | 7 days |
| Note | Redis holds ephemeral cache/session data; rebuild acceptable within RTO |
4.4 Configuration & Secrets
- Infrastructure-as-code and config templates in Git
- Production secrets in secret manager (not backed up in plaintext)
- Secret manager backup per provider documentation
5. Backup Security
- Backups classified C3 Confidential — same protection as source data
- Backup storage not publicly accessible
- Backup access logged and restricted to authorized DevOps personnel
- Backup encryption keys managed separately from backup data
- No backup data transferred to unauthorized regions (GDPR data residency compliance)
6. Recovery Procedures
6.1 MongoDB Full Restore
- Identify target recovery point (timestamp before incident)
- Provision clean MongoDB instance or restore to staging first
- Restore from snapshot / mongodump
- Verify document counts and sample integrity checks
- Update application connection string
- Run application smoke tests (auth, tender list, company profile)
- Monitor for 24 hours post-restore
6.2 MinIO Restore
- Identify affected buckets/prefixes
- Restore from backup or cross-region replica
- Verify file accessibility via file store service
- Re-run worker jobs for any missing derived data (translations)
6.3 Partial Restore (Single Collection / Document)
- Use point-in-time recovery or selective mongorestore
- Requires IC approval for production partial restores
- Audit log entry required
7. Backup Testing
| Test | Frequency | Success Criteria |
|---|---|---|
| MongoDB restore to staging | Monthly | Data integrity verified; app connects successfully |
| MinIO file restore (sample) | Quarterly | Random files readable and checksum-valid |
| Full DR simulation | Annual | RTO/RPO met in tabletop or live test |
| Backup job monitoring | Daily | All scheduled backups complete without error |
Test results documented with date, tester, outcome, and remediation items.
8. Responsibilities
| Role | Responsibility |
|---|---|
| DevOps Lead | Implement and monitor backups; conduct restore tests |
| ISO | Verify policy compliance; include backup status in management review |
| Engineering Lead | Validate application behavior post-restore |
| IC (during incident) | Authorize production restore; communicate status |
9. Failure Handling
If a scheduled backup fails:
- Automated alert to DevOps on-call
- Investigate and re-run within 4 hours
- If unrecoverable, escalate to P2 incident if production data at risk
- Document failure and resolution in backup log
10. Document Control
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-06-11 | Engineering | Initial policy |
Approval
| Role | Name | Signature | Date |
|---|---|---|---|
| DevOps Lead | Pending | ||
| ISO | Pending |