Back-Up Policy

Last Updated: 17.04.2025

1. Compliance with NHS Guidelines

  • Backup policies comply with the NHS Digital Data Security and Protection Toolkit (DSPT), ensuring adherence to data security, retention, and recovery standards.
  • Redсentric services are aligned with NHS requirements for handling sensitive data.

2. Infrastructure Overview

  • Maiya is hosted on Redсentric’s Infrastructure as a Service (IaaS) platform, utilizing:
    • Two Managed Servers:
      • Web server (Internet-facing VLAN).
      • SQL server (HSCN-facing VLAN).
    • HSCN Connectivity: 25 Mbps bandwidth for secure communication with NHS networks.
    • Firewall Protection: Managed virtual firewall enabling secure data transfer.

3. Backup Solution (BaaS - Backup as a Service)

  • Redсentric Premium BaaS is employed, providing:
    • Regular automated backups of virtual machines (VMs).
    • Data stored in secure, NHS-compliant environments.
    • Assistance and support for backup configuration and management.
Backup Frequency and Retention:

  1. Virtual Machine Snapshots:

    • Periodic snapshots of the VMs allow rollback to prior states.
    • Snapshots are securely managed by Redсentric.

  2. Database Backups:

    • Nightly backups of the SQL database stored in a segregated directory on the VM.
    • Retention: 30 days for database backups, ensuring recovery options within the acceptable period.

  3. Dynamic Dataset:

    • Maiya’s core dataset is updated and seeded by a third-party system.
    • In case of an irrecoverable data issue, the dataset can be re-seeded using the third-party application.

4. Restoration and Disaster Recovery

  • VM Rollback:
    • Utilize VM snapshots for rapid recovery at the infrastructure level.
  • Database Restoration:
    • SQL server backups ensure point-in-time recovery.
  • Re-Seeding:
    • The third-party system provides an additional layer of redundancy for restoring critical datasets.

5. Security Measures

  • All backups are encrypted with AES-256 or equivalent, meeting NHS security standards.
  • Access to backups is restricted to authorized personnel, with multi-factor authentication required.

6. Monitoring and Testing

  • Backup operations are monitored daily to ensure completion and integrity.
  • Disaster recovery simulations are conducted quarterly to validate restoration procedures.

7. Roles and Responsibilities

  • Redсentric:
    • Infrastructure-level backups, including VM snapshots.
    • Secure management and retention of data.
  • Maiya IT Team:
    • Oversee database backups, monitor backups, and perform restorations as needed.
  • Third-Party Application Provider:
    • Re-seeding datasets if primary backups are unavailable or corrupted.

8. Review and Updates

  • This strategy will be reviewed annually or after significant changes to Maiya or Redсentric services.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Automating Health Ltd.
Email: info@maiya.org.uk
Address: 
Unit 13e, 92 Burton Road
Sheffield, UK
S3 8BX