This policy was last reviewed July 21 2023.
1. Purpose
The purpose of the Peerceptiv Data Backup Policy is to establish the rules for the creation, testing, and management of backups of Peerceptiv Information Resources.
2. Scope
The Peerceptiv Data Backup Policy applies to any individual, entity, or process that create, evaluate, and/or implements changes to Peerceptiv Information Resources.
3. Maintenance
This Policy will be reviewed annually or as deemed appropriate based on changes in technology or regulatory requirements.
4. Enforcement
Violations of this Policy may result in suspension or loss of the violator’s use privileges, with respect to Peerceptiv Information Systems. Additional administrative sanctions may apply up to and including termination of employment or contractor status with the Company. Civil, criminal and equitable remedies may apply.
5. Exceptions
Exceptions to this Policy must be approved by the Chief Technology Officer (“CTO”) and formally documented. Policy exceptions will be reviewed on a periodic basis for appropriateness with all exceptions reviewed at least annually.
6. Policy
6.1 Form of Backup
Peerceptiv employees must utilized provisioned cloud resources to backup information systems. Under no circumstances will Peerceptiv employees be permitted to store backups of Peerceptiv data on personal devices not furnished by the Company.
6.2 Frequency of Backups
Critical information systems, such as production database systems, should perform continuous differential backups where possible. All Peerceptiv systems should be backed up at least daily or as necessary to meet the established system RPO.
6.3 Location of Backups
Where possible all backups should be mirrored to multiple physical locations to ensure data availability. Backups must be stored on company owned devices and never on personal devices. This requirement may not be waived for critical systems.
6.4 Testing of Backups
Critical backups must be tested monthly. All backups must be tested at least annually.
6.5 Retention
Backups should be retained as described under Company data retention and data privacy policies.
6.6 Applicability
Unless exempted, all Peerceptiv Information Systems should be governed as backed-up as described in this policy.