Backup Policy

Purpose, scope and users

The purpose of this document is to ensure that backup copies are created at defined intervals and regularly tested.

This document is applied to customer data for active subscribers for all Agilio Software | Primary Care (formerly Clarity Informatics) products.



Means any copy of the Customer Data that is taken on a regular basis and stored in a secure location and is further defined in Policy principles;

“Backup retention period”

Means the amount of time in days that we hold Backups for in the event of DR;


Means disaster recovery and is the approach taken to recover services in the event of an Incident;


Means an event that affects either the availability, confidentiality or integrity of the Customer Data;


Means the recovery point objective as defined in Backup Objectives which is the targeted maximum age of Customer Data that may be unrecoverable following an incident;


Means the recovery time objective as defined in Backup Objectives which is the targeted maximum duration of time for the Services to be fully restored following any incident;


Shall have its meaning as defined in the terms and conditions or contract documentation.

Backup Objectives

The RPO is 4 hours.

The RTO is 4 hours.

The Backup Retention Period is 90 days.

Policy Principles

Backups are used by Agilio Software for recovering data in the event of an Incident.

Backups are stored in UK data centres certified to ISO27001 standard and will never be moved outside the UK or a location that does not meet this standard.

Backups consist of:

· Database Backups which are taken throughout the day at 20-minute intervals and copied to a DR data centre located within the UK

· File backup copies which are taken throughout the day and stored at a DR data centre located within the UK.

Backups from the previous day are tested each day to ensure they are valid.

Only named employees of Agilio Software have access to backups.

Files are stored in an encrypted form when saved to the storage system.

DR site data centre is maintained with equivalent capabilities as the production data centre to ensure the continuation of service performance in the event of a serious incident.


This policy is version 1.0 and was last updated August 2019. Any relevant amendments to this policy will be notified to or negotiated within customers with 30 days’ of change, for example, direct service element timescales.