FAQ's regarding backups
If you're registering as a provider with an insurer they may ask you to provide information about the way you handle data on behalf of their clients. Keep in mind that under GDPR you (as the clinician) are the "data controller" and we (as the system provider) are the "data processor".
As the data controller you are ultimately responsible for your client's data but understandably if you choose to use a system like WriteUpp you need assurances about our practices and procedures in relation to backups. This article is intended to answer the questions that are most commonly asked by insurers and it should also provide you with some peace of mind that you are in safe hands.
Do you maintain redundant backups of sensitive and critical system information?
Data is replicated in real-time to two separate physical locations and then to four additional locations within those physical locations.
The more traditional way of dealing with backups is to copy data once per day to tape or a back-up drive. However, this is fundamentally flawed for two reasons:
Its inevitable that data will be lost between backup cycles
Backup to physical devices are prone to failure and also require significant restore times due to the limitations of the media
For these reasons we take a more sophisticated approach that means that data is backed-up in real-time to a completely mirrored infrastructure
Do you have backups stored offsite?
Again, this question relates to an out-moded concept. In the past it was necessary to hold backup media (tapes. disks etc) in a fire proof safe in a separate physical location to avoid the possibility that backups might be destroyed by a flood or fire.
Because your data is replicated in real-time to two separate data centres 1000km apart there is little or no possibility that both data centres will be compromised simultaneously.
Are restore procedures documented and tested?
There are no restore procedures because the data is replicated in real-time. If one instance fails we automatically fail-over to the other
How often are back up procedures in place?
Real-time
Do system backups reside with third parties? If so, how often is sensitive information backed up?
Your data is hosted in two Azure data centres operated by Microsoft. They are backed-up in real-time
Do you have a disaster recovery plan or incident response plan that takes account of loss of functionality/data as a result of a hack?
Yes
Are you ISO27001 certified?
Yes
As the data controller you are ultimately responsible for your client's data but understandably if you choose to use a system like WriteUpp you need assurances about our practices and procedures in relation to backups. This article is intended to answer the questions that are most commonly asked by insurers and it should also provide you with some peace of mind that you are in safe hands.
Do you maintain redundant backups of sensitive and critical system information?
Data is replicated in real-time to two separate physical locations and then to four additional locations within those physical locations.
The more traditional way of dealing with backups is to copy data once per day to tape or a back-up drive. However, this is fundamentally flawed for two reasons:
Its inevitable that data will be lost between backup cycles
Backup to physical devices are prone to failure and also require significant restore times due to the limitations of the media
For these reasons we take a more sophisticated approach that means that data is backed-up in real-time to a completely mirrored infrastructure
Do you have backups stored offsite?
Again, this question relates to an out-moded concept. In the past it was necessary to hold backup media (tapes. disks etc) in a fire proof safe in a separate physical location to avoid the possibility that backups might be destroyed by a flood or fire.
Because your data is replicated in real-time to two separate data centres 1000km apart there is little or no possibility that both data centres will be compromised simultaneously.
Are restore procedures documented and tested?
There are no restore procedures because the data is replicated in real-time. If one instance fails we automatically fail-over to the other
How often are back up procedures in place?
Real-time
Do system backups reside with third parties? If so, how often is sensitive information backed up?
Your data is hosted in two Azure data centres operated by Microsoft. They are backed-up in real-time
Do you have a disaster recovery plan or incident response plan that takes account of loss of functionality/data as a result of a hack?
Yes
Are you ISO27001 certified?
Yes
Updated on: 07/11/2022
Thank you!