Backup Policy
Rules
This document defines the rules for protecting data and ensuring its recoverability.
Data Tiers & RPO/RTO
| Tier | Description | RPO | RTO |
|---|---|---|---|
| Critical | Core identity, config, and family data. | 1 Hour | 4 Hours |
| Standard | Application data, media, and tools. | 24 Hours | 24 Hours |
| Disposable | Caches, logs, temporary files. | N/A | Best Effort |
Retention Rules
- Critical Data: Must be backed up daily, with weekly offsite replication. Retain for 30 days minimum.
- System Config: Must be backed up after every confirmed change (via Git).
- Offsite Copies: At least one copy of critical data must be physically separated from the primary site.
Verification Requirements
- Automated Checks: Every backup job must report its status to the Observability platform.
- Restore Drills: A manual restore test must be performed for each “Critical” service at least once every 6 months.
- Immutability: Backups should be stored in a way that prevents modification or deletion by a compromised system (e.g., append-only mode).