Data Backup Policy - Article
Summary
This policy defines how Eurekos protects customer and platform data through structured backup and recovery procedures. It establishes responsibilities, risk controls, and recovery capabilities to ensure data availability, integrity, and resilience in the event of incidents or system failures.
In this article you will learn:
- How Eurekos ensures data availability through structured backup procedures
- Which risks the backup strategy is designed to mitigate
- What recovery capabilities exist for files, databases, and systems
- How responsibilities and SLAs govern backup and recovery processes
Background
The Data Backup Policy documents the regulations and technical measures implemented to ensure data availability, integrity, and recoverability. It serves both as internal governance documentation and as evidence to third parties that legally required availability controls are properly maintained.
Responsibilities
- Eurekos is responsible for maintaining IT security and backup procedures for client solutions
- Specific service levels, liabilities, and recovery expectations are defined in the applicable Service Level Agreement (SLA)
- Custom agreements apply to in-premises installations
Legal & Regulatory Alignment
Verification of technical and organizational measures for commissioned data processing is documented in the Data Processing Agreement (DPA) with each client.
Risk Considerations
The backup strategy addresses risks including:
- Human error, misuse, sabotage, or cyberattack
- Technical malfunctions and hardware failure
- Force majeure events (e.g., fire, flood)
- Events with significant or potentially existential business impact
To mitigate these risks, Eurekos applies a comprehensive and uniform backup framework across all clients, ensuring consistent protection standards.
Backup & Recovery Procedures
Eurekos maintains the capability to:
- Recover individual files, specific database records, or full system environments as required
- Initiate re-deployment of a clean system version within approximately one hour of incident response activation, with total recovery time dependent on overall data volume and transfer requirements
- Begin full database restoration promptly upon validation, with recovery typically completed within one to two hours from initiation under normal data volumes; larger datasets may require proportionally longer processing time
Database backups are stored locally for a defined retention period and replicated to a secondary geographic location every 24 hours. This layered design significantly reduces the risk of complete backup compromise.
Additional safeguards include:
- Continuous monitoring of backup jobs
- Automated alerts for failed backup processes
- Regular restoration testing to validate recovery capability
- SLA-based customization of recovery time objectives where agreed
Backup Storage & Protection
Backups are stored:
- Within secure hosting environments located in the EU, US, or other regions as contractually agreed, ensuring alignment with applicable data residency and regulatory requirements
- Replicated daily to a geographically separate location to maintain resilience and business continuity
- Restricted to authorized personnel under role-based access controls and documented access governance procedures
Security measures include:
- Encrypted transmission during transfer
- Encryption at rest and in transit
- Complex, unique credentials across systems
- Coverage of application data and video storage
Unless otherwise specified in an SLA, incremental backups are retained daily for a minimum of one month.