DATA BACKUP PLAN

Purpose: The purpose of this data backup plan is to ensure that User Data can be safely and securely backed up using databases and other technologies so that it is available in the event of a failure affecting business operations and the processing of such Data. Backups will be implemented whenever possible to minimize disruption and to recover as quickly as possible in the event of an incident.

The scope of this plan is limited to data backup activities, and is not a daily problem resolution procedures document. 

1. DEFINITION 
   1. User is any person who installs the App to receive Services for the purpose of monitoring their health.
   2. Personal Data is any information that is in the public domain, allowing you to directly or indirectly identify the User. For example, first name, last name, phone number, IP address.
   3. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
   4. Data is a common name for Personal Data and Data concerning health
   5. Disaster is any disruptive or catastrophic event (e.g., power outage, weather, natural disaster, vandalism) that causes an interruption in technology relating to Data, databases, systems, archived data and other resources provided by the Company. 
   6. DeHealth company (hereinafter referred to as the "Company" or "DeHealth") is a DEHEALTH TECHNOLOGIES, INC, registered at 1049 El Monte Avenue, Ste C #846,
Mountain View, CA 94040, United States, EIN: 36-5099713, which provides Services to Users.
   7. DeHealth application (hereinafter referred to as the "App") is a service created so that the User can check the state of his health and monitor the change in his health.
2. PLAN OBJECTIVES
   1. Plan Objectives:
      1. Serves as a guide for User data backup teams;
      2. References and points to the location(s) of backed-up Data, systems, applications and other mission-critical data resources;
      3. Provides procedures and resources needed to back up Data, systems and other resources;
      4. Identifies Users that must be notified in the event of a disruption that may necessitate recovering backed-up data and other resources:
         1. Minimizes operational disruptions by documenting, testing and reviewing data backup procedures:
         2. Identifies alternate sources for data backup activities:
         3. Documents data storage, backups and retrieval procedures for vital records and other relevant Data.
3. ASSUMPTIONS
   1. Company data backup employees (e.g., lead data backup administrator, team leaders, technicians and alternates) will be available following a Disaster.
   2. The Company will have technology Disaster recovery (DR) plans that align with this data backup plan.
   3. This plan and related documents are stored in a secure off-site location and not only survived the Disaster but are accessible immediately following the Disaster.
4. DATA BACKUP
   1. Backup is performed by the Data Backup Team:
   2. Data Backup Member Responsibilities:
      1. Each team member will designate an alternate/backup.
      2. All team members should keep an updated calling list of team members’ work, home and cell phone numbers both at home and at work.
      3. All team members should keep this plan for reference at home in case a disruption occurs after normal work hours. 
      4. All team members should familiarize themselves with the contents of this plan. 
5. BACKUP POLICY
   1. Full and incremental backups protect and preserve corporate network information and should be performed on a regular basis for system logs and technical documents that are not easily replaced, have a high replacement cost, or are considered critical. Backup media is stored in a secure, geographically separate location from the original and isolated from environmental hazards. Backup network components, cabling and connectors, power supplies, spare parts and relevant documentation is stored in a secure area on-site as well as at other corporate locations.
   2. Data and document retention policies are established to specify what records must be retained and for how long. All departments are responsible for specifying their data management, data retention, data destruction and overall records management requirements. 
   3. Automatic backups are performed daily on Amazon S3 with multi-zone replication. Backups are stored encrypted using KMS, and regular recovery tests are performed to confirm that the copies are working.
   4. The Disaster Recovery Plan is bsed on NIST SP 800-34, includes the established RTO (Recovery Time Objective) and RPO (Recovery Point Objective).
   5. Data Backup Team follows these standards for data backup and archiving:
      1. System Databases:
         1. A copy of the most current mission-critical databases are made at least twice per month, or based on frequency of changes made.
         2. Backups are stored off-site.
         3. The lead data administrator is responsible for this activity.
      2. Data concerning health and Data:
         1. Current Data concerning health and databases are backed up according to the established recovery point objectives (RPOs), and must be mirrored or replicated to secure backup locations within the RPO time frames. 
         2. Backups aare stored off-site at one or more secure cloud locations or at alternate company data centers.
         3. The lead data administrator is responsible for this activity.
      3. Non-Mission-Critical Data:
         1. Current non-mission-critical data and databases are backed up according to the established RPOs, and can be mirrored or replicated to secure backup locations within the RPO time frames.
         2. Alternatively, copies of current data and databases are at least twice per week, or based on RPO metrics or the frequency of changes made.
         3. Backups are stored on-site in secure storage facilities, or stored off-site at one or more secure cloud locations or at alternate company data centers or offices, or a combination of these.
         4. The data administration team is responsible for this activity.
   6. Off-site Storage Procedures are not used by the Company for data backup.
   7. Data backups are to be scheduled daily, weekly and monthly depending on the nature of the backup. Data administrators are to use the approved data backup technology to prepare for, schedule, execute and verify backups.
   8. Procedures are established, documented and periodically tested to recover Data, databases, systems, applications and other information assets if a Disaster occurs that necessitates the recovery of those assets and resources. 
   9. This data backup plan are reviewed periodically and the procedures validated (and updated as needed) to ensure that backups will occur as needed and when needed. As part of this activity, it is a review the listings of data backup team personnel, data backup service vendors and cloud data backup vendors, and update contact details as needed.
   10. The following table lists data backup activities are performed on a regularly scheduled basis:

       No	Action	Who Performs
       1.	Review program with Company management; secure approvals as needed	Head of Data Backup Team
       2.	Identify and categorize Data to be backed up	Lead backup Data Backup Team
       3.	Identify and categorize systems to be backed up	Lead backup Data Backup Team
       4.	Identify and categorize other resources to back up	Lead backup Data Backup Team
       5.	Schedule backup activities, e.g., date, time, frequency, type of resource to back up, destination for backups	Data Backup Team
       6.	Program backup systems and resources according to schedule and policy	Data Backup Team
       7.	Schedule tape backup and rotation activities	Data Backup Team
       8.	Execute backups of data, systems and other resources	Data Backup Team
       9.	Ensure that tapes are secured for pickup and are properly labeled; verify pickup	Data Backup Team
       10.	Verify that backups were completed and all backed-up resources are unchanged	Data Backup Team
       11.	Prepare and distribute backup reports	Data Backup Team
       12.	Schedule and conduct tests of data backups	Data Backup Team
       13.	Schedule and perform patching of backup resources	Data Backup Team
       14.	Update backup systems and technologies as needed	Data Backup Team

       Data Backup Team

       Name	Address	Position	Mobile/Cell Phone
       Oleh Khomiak	[email protected]	Chief information security officer (CISO)	+447732980639 @okhomiak (telegram)
       Alexander Lisovik	[email protected]	Web3/Mobile Lead	@alexander1i (telegram)
       Bohdan Hordiychuk	[email protected]	Backend Engineer Master's in Computer Science	@bohdan_hordiychuk (telegram)

       Approved Vendor Contact List

       Name	Contact	Email	Mobile/Cell Phone
       empat.tech Team	Yuri Sergienko Yaroslav Melnychenko Valeriia Cartier Ihor Kovalko Anastasiia Matviienko Sergiy Tytenko Karyna Kelleci	[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]	@SergiyTytenko @marsnope @igorfors @karynakelleci @krusty408 @yarikmelnychenko
       Appricotsoft	Taras Gopko Serhii Sylenok Oleksandr Palyha Hanna Opalevych	[email protected] [email protected] [email protected] p>[email protected]	+48792966562

       Approved Data Backup Locations List

       Company Name	Contact	Email	Address
       Amazon S3 (https://aws.amazon.com/s3/)	phone: (206) 266-4064 fax: (206) 266-7010	[email protected]	Amazon Web Services, Inc. P.O. Box 81226 Seattle, WA 98108-1226 http://aws.amazon.com