Customer Data Backup Policy – Effective 19th August 2017

1. Description

This backup policy describes the conditions and archiving procedures in which Onefile Ltd (“we”) backup and archive the data that you upload and store in our online software applications (“Customer Data”).

2. Scope

This policy is only applicable to customers with an active contract supported by a written agreement (the “Agreement”).

3. Definitions

Item Definition
Backup Means any copy of the Customer Data that is taken on a regular basis and stored in a secure location and is further defined in section 5;
Backup Retention Period Means the amount of time in days that we hold Backups for in the event of DR;
DR Means disaster recovery and is the approach taken to recover services in the event of an Incident;
Incident” Means an event that affects either the availability, confidentiality or integrity of the Customer Data;
RPO Means the recovery point objective as defined in section 4 which is the targeted maximum age of Customer Data that may be unrecoverable following an incident;
RTO Means the recovery time objective as defined in section 4 which is the targeted maximum duration of time for the Services to be fully restored following any incident;
Services Shall have its meaning as defined in the Agreement

4. Backup Objectives

4.1 The RPO is 30 minutes.

4.2 The RTO is 30 minutes.

4.3 The Backup Retention Period is 90 days.

5. Policy Principles

5.1 Backups are used by OneFile for recovering data in the event of an Incident.

5.2 Backups are stored in UK data centres certified to ISO27001 standard and will never be moved outside the UK or a location that does not meet this standard, unless otherwise explicitly stated in your agreement.

5.3 Backups consist of:

5.3.1 Database Backups which are taken throughout the day at intervals no less than the RPO and copied to a DR data centre located within the UK

5.3.2 File backup copies which are taken throughout the day, and stored at a DR data centre

5.4 Backups from the previous day are tested each day to ensure they are valid.

5.5 Only named employees of Onefile Ltd have access to Backups.

5.6 Files are stored in an encrypted form when saved to the storage system.

5.7 The DR site data centre is maintained with equivalent capabilities as the production data centre to ensure the continuation of service performance in the event of a serious incident.

6. Updates

This policy is version 2 and was last updated on 3 July 2017. Any amendments to this policy will be notified to customers with 30 days’ notice.

Also see: Information Security Policy.