Backup and Disaster Recovery Plan

1. Overview

This document defines the Backup and Disaster Recovery (BDR) strategy for the CostOS application, a self-hosted enterprise solution designed for cost estimation and financial management.

CostOS is deployed using an official installer package provided by the CostOS team.
All application configuration, user data, and transactional information are stored in two Microsoft SQL Server databases:

  • Master Database – stores system configuration, users, roles, and application metadata.

  • Project Database – stores all project-related data, cost structures, and work records.

Because the application server can be easily reinstalled using the official installer, recovery depends entirely on restoring these two databases.

This plan ensures that in the event of data loss, system failure, or disaster, the CostOS environment can be fully restored to operational status.


2. Objectives

2.1 Purpose

The purpose of this plan is to ensure:

  • Reliable and consistent backups of both CostOS databases (Master and Project).

  • Rapid restoration of service following failure or disaster.

  • Clear responsibilities and documented recovery procedures.

2.2 Scope

This plan covers:

  • Both SQL Server databases used by CostOS.

  • Backup automation, retention, and verification procedures.

  • Recovery using the CostOS installer and validated database backups.

It does not cover:

  • End-user workstations or temporary files.

  • Non-production or test environments (unless specifically included by policy).


3. System Components

| Component | Description | Backup Requirement |
| --- | --- | --- |
| Master Database | Stores configuration, users, roles, and system metadata. | Full, differential, and transaction log backups. |
| Project Database | Stores all project and operational data. | Full, differential, and transaction log backups. |
| Application Server (CostOS) | Provided via official installer; can be reinstalled easily. | No backup needed (installer maintained by vendor). |
| Configuration Files | Contains connection strings, encryption keys, and SSL certificates. | Backup if modified. |
| Operating System | Host environment (Windows/Linux). | Reinstallation documented; no OS-level backup required. |


4. Backup Strategy

4.1 Database Backups

  • Backup Type: Full, differential, and transaction log backups for both databases.

  • Schedule:

    • Full backup: Daily (after business hours)

    • Differential backup: Every 6 hours

    • Transaction log backup: Every 30 minutes

  • Storage Locations:

    • Local storage (primary)

    • Off-site or network-attached storage (secondary)

    • Optional secure cloud repository (for redundancy)

  • Retention Policy:

    • Daily backups: 14 days

    • Weekly backups: 1 month

    • Monthly backups: 6 months

  • Encryption:
    All backup files are encrypted using AES-256 or organization-approved standards.

  • Integrity Check:
    Each backup is verified using SQL Server’s RESTORE VERIFYONLY command:

    RESTORE VERIFYONLY FROM DISK = 'D:\Backups\CostOS_Master_Full.bak';
    RESTORE VERIFYONLY FROM DISK = 'D:\Backups\CostOS_Project_Full.bak';
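
One way to produce the encrypted, checksummed backups that section 4.1 describes, as an added T-SQL example rather than CostOS or vendor code. The certificate name CostOS_BackupCert, the D:\Keys path, the differential and log file names and the password placeholders are assumptions; the database names and the full-backup path are the ones this plan uses.

```sql
-- Added example; "(assumed)" marks names that are not in the CostOS plan.
USE master;
-- One-time setup: a certificate that protects the backup files.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';  -- placeholder
CREATE CERTIFICATE CostOS_BackupCert                 -- (assumed) name
    WITH SUBJECT = 'CostOS backup encryption';
-- Export certificate and private key; keep them off this host and apart
-- from the .bak files.
BACKUP CERTIFICATE CostOS_BackupCert
    TO FILE = 'D:\Keys\CostOS_BackupCert.cer'        -- (assumed) path
    WITH PRIVATE KEY (
        FILE = 'D:\Keys\CostOS_BackupCert.pvk',
        ENCRYPTION BY PASSWORD = '<key-file-password>');  -- placeholder

-- Daily full backup. Repeat each statement below for CostOS_Project.
-- INIT overwrites the previous file of the same name, so copy it to
-- secondary storage first or put a date in the file name.
BACKUP DATABASE CostOS_Master
    TO DISK = 'D:\Backups\CostOS_Master_Full.bak'
    WITH INIT, CHECKSUM,
         ENCRYPTION (ALGORITHM = AES_256,
                     SERVER CERTIFICATE = CostOS_BackupCert);

-- Differential backup, every 6 hours.
BACKUP DATABASE CostOS_Master
    TO DISK = 'D:\Backups\CostOS_Master_Diff.bak'    -- (assumed) file name
    WITH DIFFERENTIAL, INIT, CHECKSUM,
         ENCRYPTION (ALGORITHM = AES_256,
                     SERVER CERTIFICATE = CostOS_BackupCert);

-- Log backup, every 30 minutes (database must use the FULL recovery model).
-- An encrypted backup cannot be appended to an existing backup set, and
-- overwriting an earlier log backup breaks the chain: one file per run.
DECLARE @log_file nvarchar(260) =
    N'D:\Backups\CostOS_Master_Log_'                 -- (assumed) file name
    + FORMAT(SYSDATETIME(), 'yyyyMMdd_HHmm') + N'.trn';
BACKUP LOG CostOS_Master
    TO DISK = @log_file
    WITH CHECKSUM,
         ENCRYPTION (ALGORITHM = AES_256,
                     SERVER CERTIFICATE = CostOS_BackupCert);

-- Verify page checksums as well as media readability.
RESTORE VERIFYONLY FROM DISK = 'D:\Backups\CostOS_Master_Full.bak' WITH CHECKSUM;
RESTORE VERIFYONLY FROM DISK = @log_file WITH CHECKSUM;
```

Without the exported certificate and private key, a certificate-encrypted backup cannot be restored on a rebuilt server, so the key files belong with the stored installer and license keys rather than next to the backups.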

4.2 Application Installer

The CostOS installer is provided and maintained by the vendor.
Customers must store a copy of the installer and any product license keys in a secure location.
If the installer is lost, a replacement can be obtained through CostOS Support.


4.3 Backup Automation

  • Automated via SQL Server Agent or scheduled PowerShell scripts.

  • Email notifications alert administrators on success or failure.

  • Backup job logs are retained for 30 days and reviewed weekly.


4.4 Off-Site Storage

  • Copies of verified backups are transferred daily to off-site or secondary storage.

  • Off-site repositories must be encrypted and access-controlled.

  • At least two backup copies (local and off-site) must exist at all times.


5. Disaster Recovery Strategy

5.1 Recovery Principle

CostOS can be fully recovered (100%) using:

  1. Verified backups of both the Master and Project databases.

  2. The official CostOS installer package.

No other data or configuration is required for complete recovery.

5.2 Common Scenarios

| Scenario | Recovery Method |
| --- | --- |
| Database Corruption | Restore the latest verified backups of both databases. |
| Server Hardware Failure | Reinstall OS and CostOS using the installer, then reconnect to restored databases. |
| Ransomware or Data Breach | Wipe affected systems, reinstall CostOS, and restore from clean verified backups. |
| Data Center Outage | Deploy CostOS at secondary site using off-site backups. |


6. Disaster Recovery Procedures

Step 1 – Prepare New Server

  1. Install a clean, supported OS (Windows Server or Linux).

  2. Install Microsoft SQL Server (same or compatible version).

  3. Confirm network connectivity and SQL permissions.

Step 2 – Restore Databases

  1. Copy verified backups of both databases to the new SQL Server.

  2. Restore each database:

    RESTORE DATABASE CostOS_Master
        FROM DISK = 'D:\Backups\CostOS_Master_Full.bak'
        WITH MOVE 'CostOS_Master_Data' TO 'D:\MSSQL\Data\CostOS_Master.mdf',
             MOVE 'CostOS_Master_Log' TO 'D:\MSSQL\Logs\CostOS_Master.ldf',
             REPLACE;

    RESTORE DATABASE CostOS_Project
        FROM DISK = 'D:\Backups\CostOS_Project_Full.bak'
        WITH MOVE 'CostOS_Project_Data' TO 'D:\MSSQL\Data\CostOS_Project.mdf',
             MOVE 'CostOS_Project_Log' TO 'D:\MSSQL\Logs\CostOS_Project.ldf',
             REPLACE;

  3. Validate with:

    DBCC CHECKDB('CostOS_Master');
    DBCC CHECKDB('CostOS_Project');
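
Restoring only the full backup returns a database to the time of the last daily backup; reaching the 30-minute RPO means applying the latest differential and the later log backups on top of it. The sequence below is an added T-SQL example, not CostOS or vendor code. The certificate name, key paths, differential and log file names, timestamps and password placeholders are assumptions; the database names, logical file names and data paths are the ones used in Step 2.

```sql
-- Added example; "(assumed)" marks names that are not in the CostOS plan.
USE master;
-- 0. Only when the backups are certificate-encrypted: bring the exported
--    certificate onto the rebuilt server before any RESTORE.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';   -- placeholder
CREATE CERTIFICATE CostOS_BackupCert                                  -- (assumed) name
    FROM FILE = 'D:\Keys\CostOS_BackupCert.cer'                       -- (assumed) path
    WITH PRIVATE KEY (
        FILE = 'D:\Keys\CostOS_BackupCert.pvk',
        DECRYPTION BY PASSWORD = '<key-file-password>');              -- placeholder

-- 1. Full backup. NORECOVERY leaves the database in the restoring state
--    so that later backups can still be applied.
RESTORE DATABASE CostOS_Master
    FROM DISK = 'D:\Backups\CostOS_Master_Full.bak'
    WITH MOVE 'CostOS_Master_Data' TO 'D:\MSSQL\Data\CostOS_Master.mdf',
         MOVE 'CostOS_Master_Log'  TO 'D:\MSSQL\Logs\CostOS_Master.ldf',
         REPLACE, NORECOVERY;

-- 2. Most recent differential taken after that full backup.
RESTORE DATABASE CostOS_Master
    FROM DISK = 'D:\Backups\CostOS_Master_Diff.bak'                   -- (assumed) file name
    WITH NORECOVERY;

-- 3. Every log backup taken after the differential, oldest first.
--    File names and times below are constructed for illustration.
RESTORE LOG CostOS_Master
    FROM DISK = 'D:\Backups\CostOS_Master_Log_20250101_0900.trn'
    WITH NORECOVERY;
RESTORE LOG CostOS_Master
    FROM DISK = 'D:\Backups\CostOS_Master_Log_20250101_0930.trn'
    WITH NORECOVERY;

-- 4. Last log backup. STOPAT ends the replay just before a known bad
--    event (corruption, ransomware); omit it to restore to the end of
--    the log. RECOVERY brings the database online.
RESTORE LOG CostOS_Master
    FROM DISK = 'D:\Backups\CostOS_Master_Log_20250101_1000.trn'
    WITH STOPAT = '2025-01-01T09:50:00', RECOVERY;

-- 5. Repeat steps 1-4 for CostOS_Project, then check both databases.
DBCC CHECKDB('CostOS_Master');
```

Using the same STOPAT value for CostOS_Master and CostOS_Project keeps the two databases at the same point in time.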

Step 3 – Reinstall Application

  1. Run the official CostOS installer provided by the vendor.

  2. Follow installation prompts to deploy the application.

  3. Update configuration files with:

    • Connection strings for both databases

    • Database credentials

    • Encryption keys and SSL configuration

  4. Start CostOS and verify connectivity.

Step 4 – Verify and Test

  • Confirm login and user configuration (Master DB).

  • Open and test project data (Project DB).

  • Verify SSL/TLS certificate settings.

  • Run basic operations to confirm system readiness.


7. Testing & Validation

  • Backup Verification: Daily integrity checks for both databases.

  • Restoration Testing: Performed at least twice per year on a test system.

  • Documentation: All restoration and test outcomes are recorded and reviewed.


8. Recovery Objectives

| Metric | Description | Target |
| --- | --- | --- |
| RTO (Recovery Time Objective) | Maximum time to restore full CostOS functionality. | ≤ 4 hours |
| RPO (Recovery Point Objective) | Maximum allowable data loss. | ≤ 30 minutes (transaction log frequency) |
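
A check for the RPO target above and the section 4.1 schedule, as an added T-SQL example that is not part of the CostOS plan or vendor tooling. It reads SQL Server's own msdb.dbo.backupset history; the age thresholds are the plan's intervals expressed in minutes, and the 14-day window mirrors the daily retention period.

```sql
-- Added example: compares msdb backup history with this plan's schedule.
-- Thresholds are the section 4.1 intervals in minutes; widen them a
-- little if the jobs themselves take noticeable time to run.
WITH targets AS (
    SELECT * FROM (VALUES ('D', 'Full',         1440),
                          ('I', 'Differential',  360),
                          ('L', 'Log',            30))
         AS t(type, label, max_age_min)
), dbs AS (
    SELECT * FROM (VALUES ('CostOS_Master'), ('CostOS_Project'))
         AS d(database_name)
), last_backup AS (
    SELECT database_name, type, MAX(backup_finish_date) AS last_finish
    FROM msdb.dbo.backupset
    WHERE is_copy_only = 0
    GROUP BY database_name, type
)
SELECT d.database_name,
       t.label,
       lb.last_finish,
       DATEDIFF(MINUTE, lb.last_finish, GETDATE()) AS age_min,
       t.max_age_min,
       CASE WHEN lb.last_finish IS NULL THEN 'MISSING'
            WHEN DATEDIFF(MINUTE, lb.last_finish, GETDATE()) > t.max_age_min
                 THEN 'LATE'
            ELSE 'OK'
       END AS status
FROM dbs AS d
CROSS JOIN targets AS t
LEFT JOIN last_backup AS lb
       ON lb.database_name = d.database_name
      AND lb.type = t.type
ORDER BY d.database_name, t.max_age_min DESC;

-- Backups from the last 14 days that are unencrypted, were written
-- without checksums, or are flagged as damaged.
SELECT database_name, type, backup_finish_date,
       key_algorithm, has_backup_checksums, is_damaged
FROM msdb.dbo.backupset
WHERE database_name IN ('CostOS_Master', 'CostOS_Project')
  AND backup_finish_date >= DATEADD(DAY, -14, GETDATE())
  AND (key_algorithm IS NULL
       OR has_backup_checksums = 0
       OR is_damaged = 1);
```

A LATE or MISSING row for the Log type means the current exposure already exceeds the 30-minute RPO; any row from the second query is a backup that does not meet the plan's encryption or integrity requirements.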


9. Roles and Responsibilities

| Role | Responsibilities |
| --- | --- |
| Database Administrator (DBA) | Manage backups, verify integrity, and restore both databases. |
| System Administrator | Reinstall OS and CostOS; configure connection to both databases. |
| IT Manager | Oversee the recovery process, approve testing, and sign off completion. |
| Security Officer | Ensure encryption, access controls, and compliance. |


10. Documentation and Logs

  • Backup job logs and restoration test results retained for 12 months.

  • All recovery activities documented in the IT Change Management System.

  • Each restoration or test must be reviewed and approved by the IT Manager.


11. Conclusion

The CostOS Backup and Disaster Recovery Plan guarantees full recovery capability for both the Master and Project databases.
Through regular encrypted backups, verified restores, and simple reinstallation using the official CostOS installer, the system can achieve 100% data and functionality recovery with minimal downtime.