The Backup & Recovery Policy and Procedure shall be applied to all critical information systems and services that fall within the scope of Evercam ISMS.
Evercam is committed to ensuring the availability, integrity, and security of our ICT systems and data. As such, regular and reliable backups are essential to mitigate information security risks and threats. Evercam ensures that all essential business information and software are backed up to allow recovery from
This policy outlines the procedures and responsibilities for implementing and maintaining a comprehensive backup and recovery strategy in line with our business, legal, regulatory, and contractual requirements.
Key points
Responsibilities
All users have an individual responsibility to ensure that:
Paper-Based Data
All Essential Company data whose master copy is in paper format is stored in the following locations:
Electronic-Based Data
It is the responsibility of each user to ensure that electronic-based data is properly stored to ensure backup and recovery. The appropriate manager is responsible for ensuring that suitable backup & recovery procedures are in place. For a summary of Evercam key electronic system backups refer to the table below.
Evercam core systems backups
| System | Type of data | Location | Frequency of backup | Person in charge |
| --- | --- | --- | --- | --- |
| Zoho People | Employee data | Cloud and Zoho data centres | every 7 days | Director of Support |
| Zoho Email | Employee and customer data | Cloud and Zoho data centres | Evercam has an e-discovery policy enabled for email which means that all emails even if they have been deleted are retained. A default retention policy is enabled which states that all emails (including spam/deleted) will be retained for 365 days. | Director of Support |
| Zoho CRM | Customer data | Cloud and Zoho data centres | 2 times a month | Director of Support |
| Zoho Analytics | Customer and employee data | Cloud and Zoho data centres | every 7 days | Director of Support |
| Google Drive | Customer and employee data | Cloud and Google data centres | real-time | Director of Support |
| GitHub | Evercam Source code | Cloud and data centres in USA (Seattle and Northern Virginia) | real-time | CTO |
| Hetzner Servers | Customer data (recordings) | Hetzner: Am Datacenter-Park 1, 08223 Falkenstein/Vogtland, Germany | ZFS File System is in place. Additional backup in edge Evercam kits storage (NVR) | CTO |
| Heroku Servers | Customer data | Amazon AWS cloud datacenter in Ireland | every 7 days | CTO |
| AWS Servers | Customer data (users’ passwords and credentials, projects, links between cameras and users, and events managed by the Evercam platform) | AWS: Burlington Rd, Dublin 4, D04 HH21, Ireland | Database servers on AWS are managed by Heroku, and automatic backups are included in the AWS Plan (SLA). | CTO |
In line with our ISMS, Evercam follows the Business Continuity Policy and Incident Response Procedure in the event of disasters, data loss, cyber-attacks, hardware, media, and/or system failures, etc. To recover from such a situation, one must escalate through a series of procedures until a satisfactory restoration is achieved. As Evercam is a remote-first company, this procedure covers the backup and restoration of electronic data held on external servers. Paper-based data is NOT covered by this procedure.
Responsibility
It is the responsibility of the Technology Lead and the Director of Support to manage, monitor, and audit the backup and recovery procedures for data held on designated servers.
Scope
The backup and restore procedures are essential to our business. Their primary purpose is to aid in disaster recovery by minimizing the amount of data lost after a disaster has occurred (e.g. equipment failure, data corruption, loss of power, etc.). Their secondary purpose is to allow the recovery of specific files requested by individuals. This document outlines the step-by-step procedures for conducting backups and performing data recovery in Evercam. These procedures are designed to ensure the availability, integrity, and security of critical data and systems.
1. Data Classification and Selection
Identify and classify data based on its criticality and importance. Prioritise critical systems, databases, source code, and user data for regular backups.
2. Backup Schedule
Please refer to the Evercam core systems backups table above.
3. Backup Methods
Select an appropriate backup method:
4. Backup Execution
System administrators will initiate backups using the designated backup software or tools (contacting a dedicated support contact for third-party systems).
5. Ensure backups are stored in designated backup storage locations
Types of backup retention:
Regularly monitor and manage backup storage to ensure sufficient space.
6. Offsite Storage
Store a copy of backups off-site in a secure and controlled environment. Maintain a documented inventory of off-site backup storage.
Evercam has enabled eDiscovery, Email Retention, and backup for our Zoho mail server. An email retention policy and eDiscovery help Evercam to stay compliant with retention laws, handle lawsuits and litigations, avoid witness tampering, and investigate theft of information or contractual disputes.
In summary, our email backup is:
The Evercam database, covering users’ passwords and credentials, projects, links between cameras and users, and events managed by the Evercam platform, is backed up on AWS servers automatically, with Heroku as the main interface to manage backups. The availability and durability levels of the AWS backups are guaranteed through SLA.
Evercam follows a two-fold strategy:
The customer recordings from the site are stored on Hetzner servers. To ensure backup, full-frame recordings can be retrieved from the hard drives and NVR installed locally in the Evercam kit on site. These can be accessed remotely to retrieve the necessary data. To monitor performance, Evercam relies on Grafana as a tool to query and visualize logs and metrics. It allows us to check our hard drives’ performance metrics remotely. Grafana is used daily by our Dev team. Evercam also relies on Prometheus as a system that alerts DevOps (via email) about issues and irregularities with our hard drives (when a metric is going above/beyond a threshold). Prometheus is used to collect metrics from servers (CPU, Memory, Network, and Storage).
In case of emergency (hardware issues such as loss of a hard drive), the procedure is to email the Hetzner support system at [email protected]
Evercam source code is stored on GitHub with Cloud servers located in the USA (Seattle and Northern Virginia). Regular automated backups of code repositories are performed in real-time. Backups must be encrypted during transmission and storage to protect sensitive code and data from unauthorized access. Periodic restoration tests should be conducted to ensure the viability of backups for recovery purposes.
Developers are responsible for committing their code to the designated repositories and ensuring that the code is up-to-date. Regular commits reduce the risk of code loss.
By adhering to this Code Backup Policy, we aim to maintain the integrity of our code repositories and enable swift recovery in the face of data loss or other unforeseen events. This policy underscores our commitment to data security, continuous availability, and the overall success of our development efforts.
1. Data Restoration
In case of data loss or system failure, follow these steps for data recovery:
2. Disaster Recovery
In the event of a larger-scale disruption, such as a system-wide failure or disaster, follow these steps:
To identify the best recovery methods to use, the following data is required:
Depending on the answers above, the best recovery method is applied. Time is important and the quicker the loss/corruption is found, the quicker the recovery will be.
Backup Testing
Regularly perform test restores from backups to ensure data recoverability. Document and address any issues identified during testing.
Backup Monitoring
Continuously monitor backup logs for any failures or errors. Investigate and resolve backup issues promptly.
Documentation and Reporting
Maintain comprehensive documentation of backup and recovery procedures, including schedules, methods, and test results. Provide regular reports to management on the status of backups, recoveries, and any incidents.
Ensure that system administrators are trained on the proper execution of backup and recovery procedures. Conduct regular training sessions and refresher courses as needed.
Regularly review and update this procedure to reflect changes in technology, data needs, and company requirements.