Rule: RDS DB instances should be in a backup plan
Ensure that RDS DB instances are included in a backup plan for data protection.
| Rule | RDS DB instances should be in a backup plan |
| Framework | GxP EU Annex 11 |
| Severity | ✔ High |
Ensuring RDS DB Instances are Compliant with GxP EU Annex 11 Backup Requirements
Overview of GxP EU Annex 11 Backup Requirements
GxP EU Annex 11 relates to the computerized systems used within the pharmaceutical industry in the European Union. It outlines the expectations for the management of electronic records, ensuring data integrity, security, and availability. Among other requirements, Annex 11 stipulates that there must be a robust backup plan in place to prevent data loss and to allow for data recovery.
Amazon RDS (Relational Database Service) must be configured to align with GxP EU Annex 11 by maintaining regular backups. RDS supports automated backups, manual snapshots, and can replicate data across multiple geographically dispersed data centers for disaster recovery purposes.
RDS Backup Configuration Steps
Step 1: Enable Automated Backups
- 1.Sign in to the AWS Management Console and open the Amazon RDS console.
- 2.Choose the RDS DB instance you want to manage.
- 3.Click on the "Instance Actions" dropdown and select "Modify".
- 4.Find the "Backup" section.
- 5.Set the "Backup Retention Period" to the desired number of days (GxP recommends at least 7 days).
- 6.Ensure the "Backup Window" is also set according to your organization's policies.
- 7.Click "Continue" and review your changes.
- 8.Select "Apply Immediately" if you want the changes to take effect right away.
- 9.Click "Modify DB Instance".
Step 2: Configure Database Snapshots
- 1.Return to the RDS console and select the "Snapshots" option in the navigation pane.
- 2.Click the “Take Snapshot” button.
- 3.Enter a name for your snapshot and choose the DB instance you want to back up.
- 4.Click "Take Snapshot".
Step 3: Set up Cross-Region Snapshots for Disaster Recovery (Optional)
- 1.Start by creating a manual snapshot or locate an existing snapshot.
- 2.Select the snapshot and click "Copy Snapshot".
- 3.Choose the destination region and give your snapshot a new name.
- 4.Click "Copy Snapshot".
Database Restoration
To restore a database from a backup or snapshot:
- 1.In the RDS console, select "Snapshots" or "Automated backups".
- 2.Click on the snapshot or backup you want to restore.
- 3.Click "Actions" and select "Restore Snapshot".
- 4.Specify the DB instance options and click "Restore DB Instance".
Backup Verification
It's critical to periodically verify the integrity of backups:
- 1.Restore a DB instance from a snapshot into a test environment.
- 2.Run integrity checks against your data to ensure the backup is consistent.
- 3.Record the results as the proof for compliance audits.
Remediation and Troubleshooting
If you encounter issues with your backup plan, follow these troubleshooting steps:
Automated Backups Not Initiating:
- Ensure that the DB instance is in an "Available" state.
- Check that you have not exceeded the maximum allowed manual snapshots.
Backups Failing:
- Review AWS RDS events for any error messages.
- Verify you have sufficient storage space for your backups.
Slow Performance During Backups:
- Scheduling backups during periods of low activity may help.
- Consider using Provisioned IOPS storage for better performance.
Disaster Recovery Test Failing:
- Ensure that snapshots are being copied to the appropriate region.
- Test the restoration process regularly to confirm that operations can be resumed quickly after a disaster.
Monitoring and Compliance
Set up monitoring alarms through Amazon CloudWatch to get alerted for backup-related issues. Use AWS Config to track changes and maintain compliance with GxP EU Annex 11 requirements.
By following these detailed steps and regularly assessing your RDS backup and recovery strategy, you'll ensure that your RDS DB instances adhere to GxP EU Annex 11 standards and preserve the integrity and availability of your database against data loss or system failures.