The mechanisms that are used by FMI Works to enable reliable backups and auditing for use in data recovery or regulatory audits
This article is for IT and security professionals
The FMI Works solutions store data in a both structured and unstructured data formats. This requires different backup and auditing solutions as outlined below.
The backup and auditing is done as per the above diagram where:
- Data is stored in the Microsoft Azure cloud. The mechanisms described here leverage the native Azure backup and auditing mechanisms. If not specified in your Order, the Primary Data Center (PDC) for data will typically be in the Australia East (Sydney) zone.
- Structured data is stored in a Azure Database which is powered by the same core engine that runs Microsoft SQL Server. This is the primary transactional database for FMI Works. Most information is stored here with the exception of some types of large object and unstructured data
- A complete transaction log for the running databases is maintained. This provides the primary data backup and recovery mechanism. This mechanism can be used by FMI to restore databases to any previous version with the SLA. If not specified in your Order, this Point-In-Time-Recovery (PITR) is 30 days. These PITR backups are deleted upon account termination.
- In addition to the PITR backups, a full database backup of all data is taken once per month. This secondary mechanism can be used by FMI to recover older data. If not specified in your Order, these Long-Term-Retention (LTR) backups are maintained for 6 months as per our standard Terms and Conditions. These LTR backups are retained as per the T&Cs even after account termination unless customer notifies us for immediately deletion.
- Finally, all data transacted in Azure SQL databases are audited into blobs in Azure Storage. These storage accounts are set to write-only and maintained for the entire life of the account. This mechanism allows FMI to investigate historical changes to the database and is typically only used to satisfy regulatory requirements. The audits are automatically stored with a policy that prevents tampering or deletion, even by FMI DevOps engineers.
- Unstructured data is stored in blob storage in Azure Storage. These blob storage accounts use a soft-overwrite mechanism where any change to data does not immediately delete the previous version, but instead saves a copy. These copies are maintained for 30 days.
- All data, both structured and unstructured is replicated in a Secondary Data Center (SDC). The SDC is typically in the Australia Southeast (Melbourne) zone, but may be in other zones as per your agreed Terms and Conditions. This copy provides additional backups should anything happen to the PDC. See the High Availability and Disaster Recovery article for more information.
Note: typical values indicated are copied from our standard Terms and Conditions which will apply unless specified otherwise in your Order.