LEAP -- Data Backup Standard Operating Procedure (SOP)
| Document Number |
SOP-GL-GRC-BKUP-1.0 |
| Target audience |
DevOps, IT Operations, DevSecOps, Application Teams |
Cover page layout
Contents
- 1. Purpose
- 2. Scope
- 3. Definitions
- 4. Roles and Responsibilities
- 5. Procedure Steps
- 5.1. Step 1: Resource Classification and Tagging
- 5.2. AWS Backup Plan & Configuration
- 5.3. IT Ops/SaaS Backup
- 6. Backup monitoring
- 7. Restoration Procedures
- 7.1. Manual Restoration
- 7.2. SaaS Restoration
- 8. Restoration Testing
- 8.1. Automated Restore Testing (AWS)
- 8.2. SaaS restoration
- 9. Annual DR Test
- 10. Evidence Retention
- 11. P Exceptions
- 12. SOP Monitoring
- 13. Version History
Purpose
This SOP defines the operational procedures for implementing, executing, monitoring, testing, and restoring backups across LEAP's infrastructure in accordance with the LEAP Data Backup Policy
Scope
This SOP applies to all backup and restore operations across:
- AWS production workloads (EC2, RDS/Aurora, DynamoDB, S3, OpenSearch, FSx, ElastiCache)
- Microsoft Azure and Microsoft 365 environments
- Corporate SaaS platforms (Atlassian Bitbucket, Jira, Confluence, Salesforce, Dropbox)
- All LEAP legal entities and regions
Definitions
| Term |
Definition |
| AWS Backup |
AWS-native centralised backup service used for scheduling, managing, and monitoring backups |
| N2WS (CPM) |
Enterprise-class backup, recovery, and disaster recovery solution for AWS (legacy --- being migrated to AWS Backup) |
| CloudAlly |
Cloud-to-cloud backup solution for Microsoft 365 |
| GitProtect |
Backup and disaster recovery solution for Atlassian Bitbucket |
| Rewind Backups |
Backup and disaster recovery solution for Jira and Confluence |
| Restore Testing |
Scheduled validation that backups are restorable and data integrity is maintained |
Roles and Responsibilities
| Role |
Responsibilities |
| DevOps, InfraTeam |
Configure and maintain AWS Backup plans and policies. Execute and validate restore operations for AWS resources. Manage cross-account and cross-region replication. Maintain backup tagging standards. Conduct quarterly restore testing. |
| IT Operations |
Manage backups for Microsoft 365 (CloudAlly), Azure AD, and corporate SaaS. Monitor daily backup job notifications. Execute restore operations for internal IT systems. |
| GRC |
Monitor backup compliance via AWS Backup Audit Manager. Coordinate annual DR testing. Maintain evidence for SOC 2 and ISO 27001 audits. Review and update this SOP annually. |
| Application Teams |
Validate functionality and data integrity after restore operations. Participate in restore testing. Report data loss or corruption to DevOps/IT immediately. |
Procedure Steps
Step 1: Resource Classification and Tagging
- All production resources must be tagged with the appropriate backup policy tag (backup:policy=live-operational or backup:policy=live-compliance).
- DevOps must verify tagging compliance monthly using AWS Config rules.
- Untagged production resources must be flagged and remediated within 5 business days.
AWS Backup Plan & Configuration
- Backup plans are configured centrally in the Backup Management Account (Delegated Backup Admin).
- Backup policies are applied organisation-wide across all live source accounts via AWS Organizations.
- Backup plans must include:
- Daily, weekly, monthly, and long-term schedules per the retention policy
- Cross-account copy to the air-gapped backup vault
- Cross-region copy for disaster recovery (where implemented)
- Encryption using KMS
IT Ops/SaaS Backup
- Microsoft 365: CloudAlly configured for daily backups of Exchange, OneDrive, SharePoint, and Teams. IT team monitors daily backup job notifications via shared mailbox.
- Atlassian Bitbucket: GitProtect configured for daily backups with 3-year retention.
- Atlassian Jira/Confluence: Rewind Backups configured for automated backups.
- Salesforce: Data warehouse backup via Snowflake for data recovery capability.
Backup monitoring
- DevOps monitors AWS Backup job status via the AWS Backup console and CloudWatch alarms.
- IT Operations monitors CloudAlly and GitProtect backup job notifications daily.
- Failed or missed backup alerts must be investigated and resolved within 4 hours during business hours.
- All backup failures must be logged as incidents in Jira.
Restoration Procedures
Manual Restoration
- Incident identification: Application team reports data loss or corruption.
- Restore request: Request submitted to the DevOps team via Jira service desk.
- Restore point selection: Select appropriate backup recovery point from the backup vault.
- Restore execution: Restore initiated using AWS Backup (or native service restore for PITR).
- Resource validation: Application team validates functionality and data integrity.
- Sign-off: Recovery is not complete until the application owner has signed off on validation. Sign-off is captured in the incident ticket.
SaaS Restoration
- Microsoft 365: Restore via CloudAlly console --- full mailbox restore, specific item restore, OneDrive account restore, Teams site restore, or SharePoint site restore. Restores can be performed to source or downloaded.
- Atlassian Bitbucket: Restore via GitProtect console.
- Salesforce: Data recovery via Snowflake data warehouse import
Restoration Testing
Automated Restore Testing (AWS)
- Automated restore testing is configured using AWS Backup Restore Testing.
- Restore testing plans are triggered on a quarterly basis.
- AWS Backup selects the latest recovery point and restores into the restore testing account.
- Basic validation checks are performed automatically.
- Temporary resources are automatically deleted after validation
SaaS restoration
- Microsoft 365 (CloudAlly): Full Exchange mailbox restore and specific item restore performed twice per year. OneDrive, Teams, and SharePoint restores performed annually. Restores are performed to source and also downloaded.
- Atlassian Bitbucket (GitProtect): Restore test performed annually.
- All restore test results must be documented and retained as evidence for SOC 2 and ISO 27001 audits.
Annual DR Test
- A comprehensive DR test is conducted at least annually (scheduled per the BCP/DR plan).
- The test must produce:
- Tabletop disaster recovery exercise report --- notes, outputs, action items, effectiveness assessment
- Data restore test documentation --- test plans, schedules, execution records, validation reports
- Redundant backup/system locations evidence --- screenshots, logs confirming multi-zone deployment, replication, or copies
- Results are reviewed by GRC and reported to the CISO and Leadership Committee.
Evidence Retention
All backup-related evidence must be retained for audit purposes, including:
- Backup job logs and completion reports
- Restore test plans, execution records, and validation reports
- Compliance evaluation reports from AWS Backup Audit Manager
- Incident tickets for backup failures and restore operations
- DR test reports and sign-off records
Policy Exceptions
Exceptions in this SOP will be risk-assessed by CISO or relevant Executive, with valid business justification and SOP Owner's approval. Exceptions will be time bound
SOP Monitoring
Compliance with this SOP will be monitored through periodic reviews, audits, and management oversight.
Version History
| Version Number |
Date |
Section Changes |
Author |
Approver |
| 1.0 |
<<enter date>> |
Initial Release |
<<Title>> |
<<Title>> |