Leadline Inc.Leadline Inc.
Control Requirements

BDR-08: Daily Incremental Backups

Daily incremental backups with failure monitoring and resolution

BDR-08: Daily Incremental Backups

Control Description

On a daily basis, OR On each business day, (choose one) incremental backups of the in-scope applications and related databases are configured to be performed. The backup system is configured to alert IT personnel of any backup failures, and any repeated backup failures are investigated and resolved.

Plain Meaning

This control requires organizations to perform daily incremental backups of critical applications and databases, with automated monitoring to detect and alert on backup failures. When failures occur repeatedly, they must be investigated and resolved to ensure data protection.

Automated Backups

Amazon RDS Backup Capabilities

Our organization leverages Amazon RDS for comprehensive database backup and recovery solutions that fully satisfy the BDR-08 control requirements.

Automated Backups

Amazon RDS provides automated backup functionality that is enabled by default and includes:

  • Daily Automated Backups: RDS automatically creates storage volume snapshots of your DB instance daily
  • Configurable Backup Window: 30-minute user-configurable backup window to minimize impact on production
  • Retention Period: Configurable backup retention up to 35 days
  • Transaction Log Backups: Continuous backup of transaction logs for point-in-time recovery
  • Incremental Storage: Only incremental storage changes are billed, reducing costs

Database Snapshots

Manual snapshot capabilities provide additional backup options:

  • User-Initiated Backups: Create manual snapshots at any time
  • Indefinite Retention: Snapshots kept until explicitly deleted
  • Cross-Region Copies: Copy snapshots across AWS regions
  • Cross-Account Sharing: Share snapshots with other AWS accounts
  • Encryption Support: Full encryption for backup security

Implementation Overview

Our RDS backup implementation ensures comprehensive data protection while meeting all BDR-08 control requirements through automated processes and monitoring.

  • BDR-01: Business Continuity Planning
  • BDR-02: Business Continuity Testing
  • BDR-03: Business Continuity Documentation
  • BDR-04: Business Continuity Training
  • BDR-05: Business Continuity Monitoring
  • BDR-06: Data Retention and Destruction
  • BDR-07: Backup Storage and Security

Resources and References

BDR-07: Data Retention and Destruction Standards

Formal standards for data retention and disposal of PII/PHI data

BDR-09: Backup Encryption

Automatic AES encryption for backup protection