Bramble

Bramble Backup Policy

SOC 2 Criteria: CC9.1, A1.2

Keywords: Multiple availability zones, Backup frequency

Purpose

To protect the confidentiality, integrity, and availability of data, both for Bramble and Bramble’s customers, complete backups are performed daily to assure that data remains available when it’s needed and in the case of a disaster.

Policy

Bramble policy requires that:

  • Data should be classified at time of creation or acquisition according to the Data Classification Policy
  • An up-to-date inventory and data flow map of all critical data are maintained.
  • All business data should be stored or replicated into a company controlled repository, including data on end-user computing systems.
  • Data must be backed up according to its level defined in Data Classification Policy.
  • Data retention period must be defined and comply with any and all applicable regulatory and contractual requirements. More specifically,
    • Data and records belonging to Bramble customers must be retained per Bramble product terms and conditions and/or specific contractual agreements.
    • By default, all security documentation and audit trails are kept for a minimum of seven years, unless otherwise specified by Bramble’s Data Classification Policy, specific regulations, or contractual agreement.

Backup and Recovery

Customer Data

Bramble stores customer data in a secure production account in AWS, using RDS databases. By default, AWS provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects.

Bramble performs automatic backups of all customer and system data to protect against catastrophic loss due to unforeseen events that impact the entire system. An automated process will back up all data to a separate region in the same country (e.g. US East to US West). By default, data will be backed up daily. The backups are encrypted in the same way as live production data. Backups are monitored and alerted by CloudWatch. Backup failures trigger an incident by alerting the Security Officer. 

Source Code

Bramble stores its source code in git repositories hosted by GitLab. Source code repositories are backed up to Bramble’s AWS account on a daily basis. In the event that GitLab suffers a catastrophic loss of data, source code will be restored from the backups in AWS.

Contribute: Edit in Forestry Edit in Web IDE View Source