Disaster Recovery
This policy defines how Ouva restores critical systems and data following a major disruptive event. Ouva’s infrastructure relies on managed cloud platforms (Supabase, Netlify) that provide built-in redundancy, automated backups, and provider-managed failover capabilities.
Recovery Goals
Section titled “Recovery Goals”Disaster recovery planning supports:
- Restoration of critical customer-facing services
- Preservation and recovery of required data
- Controlled return to normal operations with validated integrity
Recovery time and recovery point targets are informed by provider capabilities and support commitments.
Activation Criteria
Section titled “Activation Criteria”Disaster recovery procedures may be activated when one or more conditions occur:
- Prolonged outage affecting critical service availability
- Regional infrastructure failure or loss of primary environment
- Data corruption or destructive event that cannot be handled by standard incident playbooks
Recovery Phases
Section titled “Recovery Phases”- Assess: Confirm event scope, impact, and affected systems.
- Contain: Stabilize systems and prevent additional impact.
- Recover: Restore from backups, fail over to provider-managed alternate infrastructure, or rebuild critical services.
- Validate: Verify functionality, security controls, and data integrity.
- Resume: Transition back to normal operations and close emergency status.
Roles and Responsibilities
Section titled “Roles and Responsibilities”- A designated incident owner coordinates activation decisions, restoration tasks, and customer communication.
- Responsibilities are assigned based on event scope, with clear ownership for technical recovery and stakeholder updates.
- External advisors or provider support channels are engaged when needed.
Preparedness and Testing
Section titled “Preparedness and Testing”- Backup and restore procedures are tested on a recurring basis.
- Disaster recovery runbooks are reviewed and updated after exercises and real events.
- Lessons learned are tracked through post-incident review actions.
For platform infrastructure and service architecture, see Architecture Diagram. For provider-level backup and recovery capabilities, see Third-party Services.