KwikID DocumentationBackup and Disaster Recovery
DC/DR procedures and department-wise backup policies for Kwik Vault
Backup and Disaster Recovery
Kwik Vault includes backup and disaster recovery (DR) so document data stays available and intact after hardware failure, site outage, or operator error, with the same security as the primary deployment.
Overview
Each bank runs a dedicated Deployment Instance. Backup and DR preserve document blobs, metadata, workflow state, and audit chains so the vault can be restored within agreed RTO (Recovery Time Objective) and RPO (Recovery Point Objective) targets.
Principles
- Same security: Backup and DR environments use the same encryption, access control, and audit logging as production.
- Data integrity: Backups are consistent and restorable; Business Keys and version history remain correct after recovery.
- Department awareness: Backup scope and retention can differ per department based on regulatory and operational requirements.
Backup Procedures
What is backed up
| Component | Contents |
|---|---|
| Object storage | Versioned document blobs for all departments |
| Relational store | Document metadata, workflow state, tenant config, audit chain |
| Search index | Metadata index (rebuildable from relational store if needed) |
| Identity config | Service user and portal user mappings |
Encryption keys remain in KMS/HSM; backups do not contain plaintext key material.
Backup frequency and retention
| Backup type | Default frequency | Default retention |
|---|---|---|
| Full snapshot | Daily | 30 days |
| Incremental | Hourly | 7 days |
| Audit archive | Weekly | Per regulatory policy (typically 7+ years) |
Institution-specific schedules are documented in the deployment runbook delivered at go-live.
Department-Wise Backup Policy
Departments may require different backup and retention treatment based on regulatory class:
| Department | Typical policy | Rationale |
|---|---|---|
| Compliance | Extended retention; immutable audit archive | Examination and dispute resolution |
| Retail Banking | Standard daily + hourly incremental | High-volume KYC and account documents |
| Corporate Banking | Standard with branch-scoped restore | Large deal files; branch-level recovery |
| Treasury | Restricted tenant; encrypted offsite copy | Segregated corpus with stricter access |
| Operations | Standard with faster RPO | Operational continuity for daily processing |
Configure department-specific retention in Configuration and coordinate with Storage and Lifecycle for ILM tier transitions.
Department backup matrix
Super admins review per-department backup coverage on the Deployment page under storage and backup status.
Disaster Recovery
DR topology
- Primary DC: Active deployment instance serving ingest, search, and portal traffic.
- DR site: Warm standby with replicated object storage and relational store; search index rebuild on failover.
- Failover: Documented runbook; only authorized operators execute DR failover; all actions logged.
RTO and RPO targets
| Tier | RPO | RTO | Scope |
|---|---|---|---|
| Critical | 1 hour | 4 hours | Core API, object storage, relational store |
| Standard | 24 hours | 8 hours | Search index, workflow engine |
| Archive | 7 days | 24 hours | Cold-tier blobs under ILM |
Exact targets are agreed per institution during deployment planning.
Backup Verification
- Automated restore tests: Monthly validation that a sample department corpus restores correctly.
- Integrity checks: Audit chain hash verification after each full backup.
- Runbook drills: Quarterly DR failover exercise documented in the operations log.
Benefits
- Availability: Limits downtime after failure or disaster.
- Integrity: Document versions and audit history restore correctly.
- Department flexibility: Backup policy aligns with each department's regulatory class.
Next Steps
- Security and Compliance: encryption and access controls
- Storage and Lifecycle: ILM tiers and retention
- Deployment: service health and capacity monitoring
- Introduction: back to Kwik Vault overview