KACYBER SECURITY TECHNOLOGIES LTD

IT BACKUP PLAN

Document Control
Document Title KACYBER IT BACKUP PLAN (IBP)

Document Version No. 1.0

Date of Release 14th November 2024

Document Owner KaCyber Security Technologies Ltd

Classification / Confidentiality Internal

Level

Document Code KUG/PO/IBP

Document Approvals and Change Log

Document Approver Approval Date Signature

Version Designation Approved

1.0 Innocent CEO 05.12.2024

Orikiiriza

Page | 1 © Internal Use

​ ​
1. INTRODUCTION
This cybersecurity plan outlines the strategies, controls, and risk management
measures that KaCyber Security Technologies Limited ("KaCyber") will
implement to protect its e-ticketing, payment, and ride-hailing platforms. The
plan ensures the security of customer data, financial transactions, and overall
platform integrity against cyber threats.

1.1. PURPOSE
The purpose of this data backup plan is to ensure that KaCyber Security
Technologies Limited ("KaCyber") can safely and securely back up
mission-critical data, systems, databases and other technology so that it will
be available in the event of a disruption affecting business operations. All
company services are expected to implement data backup measures
whenever possible to minimize operational disruptions and to recover as
rapidly as possible when an incident occurs.

The plan encompasses company data backup operations for its services. This
is aligned to the Backup Policy.

2. SCOPE
The scope of this plan is limited to data backup activities, and is not a daily
problem resolution procedures document.

3. PLAN OBJECTIVES
●​ Serves as a guide for company’s IT data backup teams
●​ Provides procedures and resources needed to back up data, systems
and other resources
●​ Identifies vendors and customers that must be notified in the event of a
disruption that may necessitate recovering backed-up data and other
resources
●​ Minimizes operational disruptions by documenting, testing and
reviewing data backup procedures
●​ Identifies alternate sources for data backup activities
●​ Documents data storage, backups and retrieval procedures for vital
records and other relevant data

Page | 2 © Internal Use

​ ​
3.1. Assumptions
●​ Key IT data backup employees will be available following a disaster.
●​ This plan and related documents are stored in a secure off-site location
and not only survived the disaster but are accessible immediately
following the disaster.
●​ The IT organization will have technology disaster recovery (DR) plans
that align with this data backup plan.

3.2. Disaster Definition

A disaster is any disruptive or catastrophic event that causes an interruption in
technology relating to data, databases, systems, archived data and other
resources provided by company IT operations.

3.3. Data Backup and Related Teams

●​ Data Backup Team
●​ IT Technical Support Team
●​ See Appendix A for details on the roles and responsibilities of each
team.

3.4. Team Member Responsibilities

●​ Each team member will designate an alternate/backup.
●​ All team members should keep an updated calling list of team
members’ phone numbers both at home and at work.
●​ All team members should keep this plan for reference at home in case
a disruption occurs after normal work hours.
●​ All team members should familiarize themselves with the contents of
this plan.

4. BACKUP PLAN
Full and incremental backups protect and preserve information and should
be performed on a regular basis for system logs and technical documents
that are not easily replaced, have a high replacement cost, or are
considered critical. Backup media should be stored in a secure,
geographically separate location from the original and isolated from

Page | 3 © Internal Use

​ ​
environmental hazards.

A full backup of data files and instance parameter files should be scheduled
and daily incremental backups when the system activities are low. In
addition, incremental backups should be rolled into fullback up. Mission
critical data should be backed up, regardless of where it resides. A process
must be implemented to verify the success of the electronic information
backup.

IT Technical Support follows these standards for data backup and archiving:

System Databases

A copy of the most current mission-critical databases must be made daily, or

based on frequency of changes made.

Mission-Critical Data

Current mission-critical data and databases must be backed up according

to the established recovery point objectives (RPOs) and must be mirrored or
replicated to secure backup locations within the RPO time frames. The RPO
point is defined/ set in the Backup Policy.

Non-Mission-Critical Data

●​ Current non-mission-critical data and databases must be backed up at

least once a month.
●​ Backups may be stored on-site in secure storage facilities or stored
off-site at one or more secure cloud locations or at alternate company
data centers, or offices, or a combination of these.

Off-site Storage Procedures (if used)

●​ Tapes, disks, and other suitable media are stored in environmentally

secure facilities.
●​ Tape or disk rotation occurs on a regular schedule coordinated with
the storage vendor.
●​ Access to backup databases and other data is tested annually.

Tapes (if used)

●​ Tapes that are more than three years old are destroyed every six
months.

Page | 4 © Internal Use

​ ​
 ●​ Tapes less than three years old must be stored locally off-site.
●​ The system supervisor is responsible for the transition cycle of tapes.

4.1. Performing Data Backups

Data backups are to be scheduled daily, weekly and monthly depending on
the nature of the backup. Data administrators are to use the approved data
backup technology to prepare for, schedule, execute and verify backups.
Backups may be made to local storage resources (e.g., disk, tape, RAID)
locally or to off-site secure locations (e.g., cloud data backup service
providers, backup-as-a-service providers) approved by IT management.

4.2. Data Backup Activities

The following table lists data backup activities to be performed on a regularly
scheduled basis.

Action Who Performs

1. Review program with IT Lead data backup admin

management; secure approvals as
needed

2. Identify and categorize data to be Lead backup admin; backup

backed up team

3. Identify and categorize systems to Lead backup admin; backup

be backed up team

4. Identify and categorize other Lead backup admin; backup

resources to back up team

5. Schedule backup activities, e.g., Lead backup admin; backup

date, time, frequency, type of team
resource to back up, destination

Page | 5 © Internal Use

​ ​
 for backups

6. Program backup systems and Lead backup admin; backup

resources according to schedule team
and policy

7. Schedule tape backup and Lead backup admin; backup

rotation activities team

8. Execute backups of data, systems Lead backup admin; backup

and other resources team

9. Ensure that tapes are secured for Lead backup admin; backup
pickup and are properly labeled; team
verify pickup

10. Verify that backups were Lead backup admin; backup

completed and all backed-up team
resources are unchanged

11. Prepare and distribute backup Lead backup admin; backup

reports team

12. Schedule and conduct tests of Lead backup admin; backup

data backups team

13. Schedule and perform patching of Lead backup admin; backup

backup resources team

14. Update backup systems and Lead backup admin; backup

technologies as needed team

Page | 6 © Internal Use

​ ​
4.3. Data Recovery
All services shall be automatically configured using snapshots to recover
data, databases, systems, applications and other information assets if a
disruptive event occurs that necessitates the recovery of those assets and
resources.

5. PLAN REVIEW AND MAINTENANCE

This data backup plan shall be reviewed annually alongside the Backup
Policy to ensure that backups will occur as needed and when needed. As
part of this activity, it is advisable to review the listings of data backup team
personnel, data backup service vendors and cloud data backup vendors,
and update contact details as needed.

The hard-copy version of this data backup plan will be stored in a common
location where it can be viewed by IT personnel, such as data administrators.
Electronic versions will be available from IT Technical Support.

Appendix A: Teams
Data Backup Team

Responsible for overall planning, management and execution of data

backup activities and providing regular reports to IT management on backup
performance according to specific data backup metrics.

Support Activities

●​ Analyzes data backup performance against specific metrics

●​ Sets backup priorities based on collaboration with IT Technical Support
and user departments
●​ Provides IT management with ongoing status and performance data
●​ Works with vendors and IT Technical Support to ensure continuous
operation of backup

IT Technical Support (ITS) Team

Supports the performance of data backup and related data storage

Page | 7 © Internal Use

​ ​
activities

Support Activities

●​ Assist with data backup activities as needed

●​ Provide guidance on equipment, systems and other services, as
required
●​ Coordinate testing of data backup operations to ensure they are
functioning normally

Page | 8 © Internal Use

​ ​