Backup and Disaster Recovery Policy

This Backup and Disaster Recovery Policy is effective dated: June 01, 2024

Control Document: GEF-PP-012, Ver. 1.0

Purpose

The purpose of this Backup and Disaster Recovery Policy is to establish guidelines and procedures for ensuring the availability and integrity of galaxefi‘s (“Company”) data and information systems in the event of a disaster. This policy aims to minimize the impact of disasters, ensure business continuity, and facilitate the recovery of critical operations.

Scope

This policy applies to all data, applications, and information systems managed by the Company. It covers:

  • Data backup procedures
  • Disaster recovery planning
  • Roles and responsibilities
  • Testing and maintenance of backup and disaster recovery plans

Definitions

  • Backup: The process of creating copies of data to ensure its availability in case of data loss or corruption.
  • Disaster Recovery (DR): The process of restoring systems and data following a disruptive event to ensure business continuity.
  • Recovery Point Objective (RPO): The maximum acceptable amount of data loss measured in time.
  • Recovery Time Objective (RTO): The maximum acceptable amount of time to restore critical systems and data.

Objectives

The Company aims to achieve the following objectives:

  • Ensure regular and reliable backups of all critical data and systems.
  • Develop and maintain a disaster recovery plan to restore operations quickly after a disruption.
  • Define roles and responsibilities for backup and disaster recovery activities.
  • Regularly test and update backup and disaster recovery plans.

Backup Procedures

Data Backup

  • Perform regular backups of all critical data, including databases, application data, and configuration files.
  • Store backups in multiple locations, including off-site or cloud storage, to protect against local disasters.
  • Encrypt backups to ensure data security and confidentiality.

Backup Frequency

  • Full backups: Perform full backups of all critical data at least once a week.
  • Incremental backups: Perform incremental backups of all critical data at least daily.
  • Ensure that backup schedules meet the defined RPO requirements.

Backup Retention

  • Retain daily backups for at least 30 days.
  • Retain weekly backups for at least 3 months.
  • Retain monthly backups for at least 1 year.
  • Adjust retention periods as necessary to comply with legal and regulatory requirements.

Disaster Recovery Planning

Disaster Recovery Plan (DRP)

  • Develop and maintain a comprehensive DRP that outlines the procedures for responding to and recovering from disasters.
  • The DRP should include:
    • Identification of critical systems and data
    • Recovery strategies and procedures
    • Communication plans and contact information
    • Roles and responsibilities of the DR team

Recovery Strategies

  • Implement recovery strategies to meet defined RTO and RPO requirements.
  • Utilize redundant systems, failover mechanisms, and alternative sites to ensure rapid recovery.
  • Ensure that all critical systems and data have documented recovery procedures.

Roles and Responsibilities

  • Disaster Recovery Team: A designated team responsible for coordinating and executing the DRP.
  • IT Department: Responsible for performing backups, maintaining backup infrastructure, and supporting the DRP.
  • Compliance Officer: Responsible for ensuring that backup and disaster recovery procedures comply with legal and regulatory requirements.
  • Employees: Responsible for understanding their roles in the DRP and participating in testing and training activities.

Testing and Maintenance

Regular Testing

  • Conduct regular testing of backup and disaster recovery procedures at least annually.
  • Perform both scheduled and unscheduled tests to evaluate the effectiveness and readiness of the DRP.
  • Document the results of all tests and update the DRP as necessary based on findings.

Plan Maintenance

  • Review and update the DRP at least annually or whenever there are significant changes to the IT environment, business operations, or regulatory requirements.
  • Ensure that all employees and stakeholders are informed of changes to the DRP and receive appropriate training.

Policy Review and Updates

  • This policy will be reviewed annually and updated as necessary to ensure its effectiveness and alignment with industry best practices and regulatory requirements.
  • Changes to this policy will be communicated to all employees and stakeholders.

Roles and Responsibilities

  • Disaster Recovery Team: A designated team responsible for coordinating and executing the DRP.
  • IT Department: Responsible for performing backups, maintaining backup infrastructure, and supporting the DRP.
  • Compliance Officer: Responsible for ensuring that backup and disaster recovery procedures comply with legal and regulatory requirements.
  • Employees: Responsible for understanding their roles in the DRP and participating in testing and training activities.

Quick Contact

By adhering to this Backup and Disaster Recovery Policy, galaxefi commits to ensuring the availability and integrity of its data and information systems, minimizing the impact of disasters, and maintaining business continuity. For questions or concerns about this Policy, please use the following form: