Purpose

This Backup Policy ensures the integrity, availability, and recoverability of MailSlurp data by defining a systematic approach to backup operations. The policy outlines procedures for performing, storing, and testing backups of critical systems and data to minimize data loss and support rapid recovery.

Scope

This policy applies to all data and systems managed by MailSlurp, including our primary database hosted on AWS RDS and associated applications. It covers all backup operations, storage practices, and restoration procedures used to protect MailSlurp’s operational and customer data.

Backup Operations

  • Database Backups:
    MailSlurp performs hourly automated backups of its primary database on AWS RDS. These backups capture the current state of the database to ensure minimal data loss in the event of a system failure.
  • Backup Storage:
    All RDS backups are stored in Amazon S3. The S3 buckets used for backup storage are encrypted using AES-256 encryption, ensuring that backup data remains confidential and tamper-proof.
  • Retention Policy:
    Backups are retained in accordance with MailSlurp’s data retention requirements to support compliance and operational continuity. Retention periods are defined based on business needs and regulatory requirements.
  • Backup Testing:
    Regular testing is conducted to verify that backups are complete, accurate, and restorable. Restoration procedures are periodically tested to ensure that data recovery meets defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

Roles and Responsibilities

  • Operations Team:
    Responsible for monitoring backup processes, ensuring scheduled backups occur without error, and verifying backup integrity.
  • Database Administrators (DBAs):
    Manage AWS RDS backup configurations, oversee backup performance, and coordinate with the Operations Team for restoration testing.
  • Compliance and Security Teams:
    Ensure backup operations meet regulatory and internal security requirements, including encryption and access control measures.

Recovery and Restoration

  • Recovery Objectives:
    In the event of data loss or system failure, backups will be used to restore operations within defined RTOs and RPOs, minimizing business disruption.
  • Restoration Procedures:
    Documented procedures outline the steps to restore data from encrypted S3 backups. These procedures are regularly reviewed and updated to reflect changes in technology and business requirements.

Monitoring and Reporting

  • Backup Monitoring:
    Automated systems monitor backup processes and alert the Operations Team in the event of failures or anomalies.
  • Audit and Reporting:
    Detailed logs of backup operations are maintained and reviewed regularly to ensure compliance with this policy. Any issues identified are escalated and resolved promptly.

Review and Revision

  • Annual Review:
    This policy is reviewed and updated at least once per year or when significant changes occur in the IT environment or regulatory landscape.
  • Change Management:
    Modifications to backup procedures or retention schedules must be documented and approved by senior management.

Conclusion

MailSlurp is committed to maintaining robust backup practices by leveraging hourly AWS RDS backups and encrypted S3 storage. Adhering to this policy ensures that critical data is protected, recoverable, and compliant with regulatory and operational requirements.

Approved by: Jack Mahoney, CTO
Approval Date: January 15, 2025
Next Review Date: January 15, 2026