Data Recovery / Business Continuity Policy

1. Data Backup and Recovery

1.1 Backup and Recovery Process

Zoliday has a formal backup and recovery process. Application logs are backed up and are maintained for a duration of one year. Customers’ data is backed up in two ways:
A continuous backup is maintained in different datacenters to support a system failover if it were to occur in the primary datacenter. Should an unlikely catastrophe occur in one of the data-centres, businesses would lose only five minutes of data.
Data is backed up to persistent storage every day and retained for the last fourteen days.


1.2 Backup of server configurations

Yes. System state snapshots of baselined configuration are created and saved using Amazon Machine Images (AMI) or Azure System Images. The AMIs/System-Images are periodically updated and are used while creating new instances.


1.3 Backup Encryption

Yes. All backups are encrypted using AES 256-bit encryption with key strength of 1,024 bits and keys being managed through AWS/AZURE Key Management Services (KMS).


1.4 Bespoke Retention Schedules

We follow a uniform backup and retention schedule. By default, all data are retained for the data retention period in the Terms of Service and deleted thereafter. All data from encrypted backup servers are deleted within three months from termination of the account.


2. Business Continuity and Disaster Recovery

2.1 Business Continuity and Disaster Recovery Plan

Zoliday has a formal Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) defined and implemented to enable people and process support during any crisis or business interruptions. Appropriate roles and responsibilities has been defined and documented as part of the BC plan. Zoliday Information Security Office and respective Customer Manager will be responsible for communication and notification during a crisis.


2.2 Business Continuity commitment from third parties

Zoliday partners with organizations, that like itself adhere to global standards and regulations. These organizations include sub-processors or third-parties that Zoliday utilizes to assist in providing its products. Regular assessments are conducted to ensure continuity and availability of services.


2.3 Infrastructure Resilience

We have a highly resilient and fault tolerant architecture that is leveraged further from the disaster resilience provided by AWS/AZURE.