For our cybersecurity audit, we’re being asked how GitLab backs up our data for the SaaS solution. I am assuming that the free tier and the paid tiers have the same backup policy, but if not, that would be interesting to know. Questions we’re looking to have answered:
- Frequency of backups
- Retention period
- Are offline copies stored
- Frequency of testing of backups
- Encryption of backups
- Recovery time objective
Hi,
See here, this is what I found when googling gitlab saas backup policy.
Backups of our production databases are taken every 24 hours with continuous incremental data (at 60 sec intervals), streamed into GCS. These backups are encrypted, and follow the lifecycle:
- Initial 14 days in Multi-regional storage class.
- After 14 days migrated to Nearline storage class.
- After 40 days migrated to Coldline storage class.
- After 120 days, backups are deleted.
- Snapshots of filesystems are taken every 4 hours; this is primarily git repository data but also includes other transient operational data
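
For an audit worksheet, the database backup lifecycle quoted in the answer above can be written as GCS Object Lifecycle Management rules and checked mechanically. This is an added example, not part of either post and not GitLab's actual bucket configuration; the rule set is constructed from the quoted schedule, the helper names are hypothetical, and it assumes a rule applies from the day an object reaches the stated age.

```python
import json

# Constructed lifecycle config mirroring the quoted schedule (assumption:
# illustrative only, not GitLab's real bucket configuration).
LIFECYCLE_JSON = """
{"rule": [
  {"action": {"type": "SetStorageClass", "storageClass": "NEARLINE"},
   "condition": {"age": 14}},
  {"action": {"type": "SetStorageClass", "storageClass": "COLDLINE"},
   "condition": {"age": 40}},
  {"action": {"type": "Delete"}, "condition": {"age": 120}}
]}
"""

# When several SetStorageClass rules match, the colder class wins.
COLDNESS = {"MULTI_REGIONAL": 0, "NEARLINE": 1, "COLDLINE": 2, "ARCHIVE": 3}

def parse_rules(text):
    """Return (action_type, storage_class_or_None, min_age_days) tuples."""
    rules = []
    for rule in json.loads(text)["rule"]:
        action, cond = rule["action"], rule["condition"]
        if set(cond) != {"age"}:  # this sketch models age-only conditions
            raise ValueError(f"unsupported condition: {cond}")
        rules.append((action["type"], action.get("storageClass"), cond["age"]))
    return rules

def state_at(age_days, rules, initial="MULTI_REGIONAL"):
    """Storage class of a backup object at a given age, or 'DELETED'."""
    current = initial
    for kind, storage_class, min_age in rules:
        if age_days < min_age:
            continue
        if kind == "Delete":
            return "DELETED"  # Delete takes precedence over class changes
        if kind == "SetStorageClass" and COLDNESS[storage_class] > COLDNESS[current]:
            current = storage_class
    return current

def retention_days(rules):
    """Age at which objects are deleted, or None if no Delete rule exists."""
    ages = [min_age for kind, _, min_age in rules if kind == "Delete"]
    return min(ages) if ages else None

if __name__ == "__main__":
    rules = parse_rules(LIFECYCLE_JSON)
    for age in (0, 13, 14, 39, 40, 119, 120):
        print(f"day {age:>3}: {state_at(age, rules)}")
    print("retention (days):", retention_days(rules))
```

The same functions can be pointed at a lifecycle JSON exported from your own backup bucket to confirm that its retention period matches what you report to the auditor.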