This rule ensures that EBS volumes are safeguarded with a backup plan to prevent data loss.
Rule | EBS volumes should be protected by a backup plan |
Framework | GxP EU Annex 11 |
Severity | ✔ High |
Compliance Rule: EBS Volumes Backup for GxP EU Annex 11
Overview
The Good Manufacturing Practice (GMP) standards dictated by EU Annex 11 require that electronic records be protected against loss. In the context of Amazon Web Services (AWS), this involves ensuring that Elastic Block Store (EBS) volumes, used for storing data in the AWS cloud, are regularly backed up. Compliance with these standards is critical for maintaining the integrity and availability of electronic records, especially for companies in the pharmaceutical, healthcare, and life sciences sectors.
Detailed Backup Plan Requirements
Rule Description
EBS volumes containing GxP relevant data must be backed up consistently and automatically to prevent data loss and ensure data recovery capabilities. The following are the key components of a compliant backup plan:
Troubleshooting Steps for Backup Failures
If a backup plan is not in place or is failing, follow these steps:
Necessary AWS CLI Commands
To create an automated backup policy with the necessary GxP compliance features, you can use AWS CLI commands:
Configure AWS Backup Vault with Encryption
aws backup create-backup-vault --backup-vault-name "GxPBackupVault" --encryption-key-arn "arn:aws:kms:<region>:<account-id>:key/<key-id>"
Create a Backup Plan
aws backup create-backup-plan --backup-plan '{"BackupPlanName":"GxPBackupPlan","Rules":[{"RuleName":"DailyBackup","TargetBackupVaultName":"GxPBackupVault","ScheduleExpression":"cron(0 0 * * ? *)","StartWindowMinutes":60,"CompletionWindowMinutes":360,"RecoveryPointTags":{"tag-key":"tag-value"},"Lifecycle":{"MoveToColdStorageAfterDays":30,"DeleteAfterDays":3650},"CopyActions":[{"DestinationBackupVaultArn":"arn:aws:backup:destination-region:account-id:backup-vault:destination-vault"}] }] }'
Assign Resources to the Backup Plan
aws backup create-selection --backup-plan-id "<backup-plan-id>" --backup-selection '{"SelectionName":"GxPSelection","IamRoleArn":"arn:aws:iam::<account-id>:role/service-role/<role-name>","Resources":["arn:aws:ec2:<region>:<account-id>:volume/<volume-id>"]}'
Step-by-Step Backup Remediation Guide
create-backup-plan
command which automates daily backups and sets up cross-region copying of snapshots following your region's requirements.create-selection
command, specifying the volume ARNs.By following these guidelines, businesses can ensure that their EBS volumes are backed up according to GxP EU Annex 11 standards, mitigating the risk of data loss and maintaining regulatory compliance.