Search Knowledge Base Articles

DATA BACKUP & DISASTER RECOVERY POLICY

Effective Date: 02 June 2025
Applies To: All critical business systems, data, and digital infrastructure under MPLATS ENTERPRISE (PTY) LTD

1. PURPOSE

This policy ensures business continuity by defining the procedures for secure data backup, protection, and recovery in the event of data loss, system failure, cyberattack, natural disaster, or other disruptive events.

2. SCOPE

This policy applies to:

  • All electronic data generated, received, processed, or stored by Mototolo Mine

  • All critical applications, databases, servers, and end-user devices

  • On-premises and cloud-based infrastructure

3. RESPONSIBILITIES

  • IT Department: Executes, monitors, and verifies backups; manages disaster recovery (DR) operations.

  • Departmental Heads: Identify critical data and confirm recovery priorities.

  • All Employees: Must store data in approved locations and avoid saving critical files on unapproved devices or locations.

4. DATA CLASSIFICATION FOR BACKUP

Data is classified as:

  • Tier 1 – Critical Operational Data (e.g. SAP, fuel records, safety logs): Backed up daily, replicated offsite.

  • Tier 2 – Sensitive Business Data (HR, finance): Backed up weekly, encrypted.

  • Tier 3 – Non-Critical Data (temporary files): Backed up monthly or on-demand.

5. BACKUP STRATEGY

  • Frequency:

    • Full system backup: Weekly

    • Incremental backups: Daily (automated)

    • Real-time replication for mission-critical systems

  • Storage Locations:

    • Primary onsite backup server (firewall and UPS-protected)

    • Secondary encrypted offsite/cloud backup

  • Retention Period:

    • Critical data: Minimum 5 years

    • Compliance-related data: Per regulatory requirements (e.g. tax records, safety reports)

  • Encryption:

    • All backups must be AES-256 encrypted in transit and at rest

6. DISASTER RECOVERY PROCEDURES

  • Activation:

    • Initiated by the IT Manager in consultation with the General Manager and Risk Officer

    • Triggers: Hardware failure, cyberattack, fire, flood, power outage, sabotage

  • Recovery Time Objective (RTO):

    • Mission-critical systems: 4 hours

    • Non-critical systems: 24–72 hours

  • Recovery Point Objective (RPO):

    • Maximum data loss not to exceed 24 hours

  • Alternate Site:

    • Cloud-hosted or remote infrastructure to resume critical operations

  • Communication Plan:

    • Internal and external stakeholder updates coordinated by Communications & IT teams

7. TESTING & AUDITING

  • DR simulations conducted quarterly

  • Backup integrity verification conducted weekly

  • Annual audit of compliance with the Data Backup & DR Policy

8. POLICY VIOLATIONS

Non-compliance may result in:

  • Loss of data privileges

  • Disciplinary action for negligence

  • Liability for operational or financial impact caused by unapproved practices

9. CONTACT INFORMATION

IT Operations & Backup Team
Email: backup@mplats.co.za
Phone: 013 516 0549

Did you find this article useful?

Related Articles