Backup Policy
Effective Date: 30 June 2025
This Backup Policy defines the requirements for backup and recovery of data, systems, and applications managed by Uzabiz to ensure business continuity and data integrity.
1. Purpose
The purpose of this policy is to ensure that all critical data and systems are backed up regularly and can be restored in the event of data loss, corruption, or disaster.
2. Scope
This policy applies to all information systems, applications, and data assets maintained by Uzabiz, including those hosted on cloud platforms and third-party services.
3. Backup Frequency
- Critical systems: Backups are performed daily.
- Non-critical systems: Backups are performed weekly.
- Configuration files and logs: Backed up nightly or as defined in system-specific policies.
4. Backup Types
- Full Backups: Performed weekly for critical systems.
- Incremental Backups: Performed daily to capture changes since the last full backup.
- Snapshot Backups: Utilized for virtual machines and containerized environments.
5. Storage and Retention
- All backups must be stored in secure, encrypted form (e.g., using AES-256).
- Backups must be stored in geographically diverse locations, including offsite or cloud-based storage.
- The retention period for backups is a minimum of 90 days, or longer depending on regulatory requirements.
6. Backup Integrity
Backups must be tested periodically (at least quarterly) to verify data integrity and successful recovery.
7. Access Control
- Access to backup data is restricted to authorized personnel only.
- All access must be logged and monitored for suspicious activity.
- Backup media must be protected against unauthorized access, loss, or theft.
8. Responsibilities
- IT Team: Responsible for implementing and managing backup procedures.
- Security Team: Responsible for auditing backup compliance and security.
- Management: Ensures appropriate resources are allocated for backup and recovery operations.
9. Disaster Recovery
Backup data will be used to restore systems in the event of a disaster as outlined in the Uzabiz Disaster Recovery Plan. Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be defined and documented for all critical systems.
10. Compliance
This policy supports compliance with data protection laws such as the Kenya Data Protection Act and international standards like ISO/IEC 27001.
11. Policy Review
This policy must be reviewed and updated at least annually or following any significant changes to systems, regulations, or business requirements.
12. Contact
For questions or concerns about this policy, contact the Uzabiz IT Team at it@uzabiz.africa.