Application Hosting - Backup & Restore Policy

Application Hosting - Backup & Restore Policy

Policy Objective

The objective of this policy is to provide set of written rules revolving around backing up and restoring of the applications hosted on Scopic's Application Hosting environment.

Policy Scope

This policy applies to data hosted on the resources (servers, volumes, databases) that are part of the Application Hosting service.

Policy Statement

From backup perspective this policy recognized two type of applications:
  1. Development/Staging Applications
    Development Applicatoins are used by development teams during development. It should, by definition, NOT HAVE any data that cannot be lost without any consequences.
    Staging Applications are resources used to do Quality Assurance and confirm that application is working according to the design. They might have the same data/configs/settings as the production applications but this is NOT the main source of truth, meaning that this data/settings/configs can be lost without any consequences.  
  2. Production Applications
    Production Applications are applications that are used by real end-users. As such they are the main source for applications data and Scopic will make efforts to protect and secure this data as it cannot be lost.     

Backup Policy

All applications hosted on Scopic's Application Hosting environment must be backed up according to this policy, and data needs to be preserved throughout reboots, restarts and hazards.

Backup policy is different depending on the application type as defined above.
  1. Development/Staging Applications
    1. Data should not be backed up by default. If data needs to be backed up, that needs to be explicitly requested.
    2. Any possible backups that might be needed, will be backed up daily for the last 7 days.
    3. Backups will have a maximum retention period of 2 months after the resource is deleted. After 2 months, expired backups will be permanently deleted. This retention period is there in case we need to quickly get resource back up online. 
  2. Production Applications
    1. Data MUST have backups. No exception to this rule.
    2. The location of the backup is determined by the type of backup:
      • In case of a regular backup, we will be backing up using the backup option provided by the cloud provider (i.e. RDS backups, EBS snapshots, etc). 
      • In case of On-Site Ransomware Protection backup, we will be copying all data to an AWS S3 immutable bucket. 
      • In case of Off-Site Ransomware Protection backup, we will be copying all data to a Wassabi immutable bucket.
    3. The retention period of the backup is determined by the type of backup:
      • In case of a regular backup, we should have daily backups with retention period of 7 days and monhtly backups with the retention period of 6 months. 
      • In case of On-Site Ransomware Protection backup, we should have daily backups with retention period of 30 days.
      • In case of Off-Site Ransomware Protection backup, we should have daily backups with retention period of 30 days.
    4. When possible the latest monthly backup should also be copied to another region for safekeeping. This other region should store only one copy of the backup.
    5. The latest daily backup should be kept for six months after the cancelation of the service. All other backups will be removed immediately. Immutable backups will remain until the retention period is over and client will be charged for that.
    6. There will be two yearly validity checkup of backups for production applications. The validity check will be scheduled on a Scopic level, not per application, meaning that Scopic will have two dates during the year when the checkups will be done.
IMPORTANT: Backups are a good way to limit the data loss, but in case of a hazard there might be some loss of data generated during the time between the last daily backup and the time of hazard.

Restore Policy

Backup restoration is a manual process and can be invoked based on the specific needs, but it can be either Automatic Restore Request or Manual Restore Request. In either case, restoring the backup is a manual process that will be done by Scopic’s IT Department.
  1. Automatic Restore Request will be done in case of any hazard that requires Scopic to get the applications back online. This will be done using the latest created backup. Automatic restore is free of charge to the client.
  2. Manual Restore Request will be done upon specific request by the customer via the support portal. Manual restore can be done using any specific backup available in the system. Manual restore might be charged to the client in case the request is not caused by infrastructure problems.
    Note: Clients will submit any requests via Scopic's Support Portal.
Any violation of the policy can be reported to incidents@scopicsoftware.com. Scopic will do its best to remedy the breach as soon as possible.

    • Related Articles

    • Application Hosting - Introduction

      Welcome to the Scopic's Application Hosting introduction page. In this page, you will be introduced to the Application Hosting offering and understand if this is the right choice for your needs. What is Application Hosting? Application Hosting is ...

    • What is Scopic’s backup policy?

      Scopic has strict backup policies that aim to define and publish the rules around creating, verifying, and using backups for resources that are part of the Hosting Services. Backup Policy Hosting as a Service (HaaS) Resources are resources used to ...

    • Application Hosting - Monitoring Policy

      Policy Objective The objective of this policy is to provide set of written rules revolving around monitoring of the applications on Scopic's Application Hosting evnironment. Policy Scope This policy applies to the resources (servers, volumes, ...

    • Application Hosting - Privacy Policy

      What information does the Website store? Scopic can request and store data needed to provide services for you. We do not directly store or have access to your credit card details. Your credit card information is securely stored and processed by a ...

    • What is Scopic’s monitoring policy?

      This policy aims to provide guidelines on how monitoring of the client applications deployed to HaaS should be monitored. For each application, we set Zabbix Web monitoring which is capable of monitoring the application from the user perspective. For ...