Back-Up Policy

General notes

Backups are generally taken for two purposes:

- To allow restoration of the data to a prior state in the event of a data problem (e.g. corruption or inadvertent deletion of data)

- To restore the database onto an alternative machine or hosting location in the event of a problem with the hosting machine or environment

Systems hosted on Microsoft Azure (cloud)

Restoration to a prior state

Databases hosted on Azure are capable of being rolled back or restored to a previous point in time up to a configured limit. Unless otherwise agreed, the point-in-time backups will be available for up to 30 days. The resolution of the point-in-time backups is automatic and generally occurs every 10 minutes or so.

When restoring a system to a point-in-time backup there will be some system unavailability (to prevent users from making additional changes to a system that will be replaced by the backup and whilst the backup is restored). There may also be additional charges for this action.

Restoration following hosting problem

Microsoft Azure is hosted in a redundant way, so an event causing unavailability is unlikely. In the event of a wider-scale problem (e.g. a power-outage across the whole area of the hosting facility) the database can be restored to a different region’s hosting.

The backups are replicated automatically to a different region in order to make this available.

Restoring the system in a new hosting region is a manual process and the system will be unavailable while this process is performed.

Systems hosted directly (non-cloud)

For databases hosted directly we offer two tiers of operation:

- Standard – the database is backed up daily, overnight. Backups are retained for one day. This means that we can restore the system’s data to the state it was in at the start of the current day. Any information entered or altered since the time of the backup would be lost. 

- Premium – the database is backup up daily, overnight and an incremental backup is taken every 15 minutesIncremental backups are retained only until the next full backup. Full backups are retained for one day. This means that we can restore the system’s data to the start of the current day or to its state at any point (within a 15-minute window) from that point.

For both tiers, the daily backups are saved to non-volatile storage (storage that is not lost if the server computer fails completely) and are copied to off-site storage. 

This means that if the server computer fails, the system can be restored by provisioning a new server and loading the data from the backup copy held on-site. If the whole server facility fails, restoration of the system will require a new server to be provisioned in an alternative location and the data to be restored from the backup copy held off-site. Both of these will entail the system being unavailable whilst the new server is provisioned and the data restored onto it.