Database Backup and Restore SOP

Standard procedure for performing, retaining, testing, and restoring database backups, including audit and verification requirements.

Steps

• Confirm the backup scope and change record
  The operator verifies the database name, environment, backup type, retention requirement, and ticket number before starting. Record the following in the audit log: - Database or instance name - Production, staging, or test environment - Full, incremental, or differential backup type - Required retention period - Change, incident, or service request reference
• Verify backup prerequisites and access
  The operator verifies that required credentials, storage capacity, encryption settings, and maintenance windows are available. The operator confirms that the backup destination is reachable and that the account used for the backup has least-privilege access. If access is missing or storage is insufficient, the operator escalates to the service owner before proceeding.
• Run the database backup
  The operator starts the approved backup job for the selected database scope. The operator records the backup start time, backup type, destination, and job identifier. The operator does not modify production data during the backup window unless the approved procedure requires a consistent snapshot.
• Monitor the backup job for completion
  The operator monitors the job status until the backup completes or fails. If the job exceeds the expected duration tolerance or reports warnings, the operator records the deviation and continues monitoring. If the job fails, the operator escalates according to the incident severity matrix.
• Verify backup integrity and completeness
  The operator verifies the backup artifact using the approved validation method, such as checksum comparison, restore simulation, or vendor integrity check. The operator confirms that the backup includes the expected database objects and that no corruption or truncation is reported. If verification fails, the operator marks the backup as non-conforming and escalates for re-run or investigation.
• Store the backup in the approved retention location
  The operator confirms that the backup is encrypted, access-controlled, and stored in the approved repository. The operator applies the retention label or lifecycle policy required by the backup schedule. The operator records the storage location, retention expiration date, and any offsite or immutable copy details.
• Record audit evidence and completion status
  The operator documents the backup job ID, timestamp, database scope, verification result, storage location, and any deviations. The operator records the name or role of the person completing the task and the approval reference if required. The operator flags any non-conformance for review by the service owner or quality reviewer.
• Restore the database from a validated backup
  The operator confirms the restore target, restore point, and authorization before starting. The operator initiates the restore using the validated backup artifact and the approved restore method. The operator avoids overwriting production data unless the incident or change ticket explicitly authorizes it.
• Verify restored data and service readiness
  The operator verifies that the restored database opens, the expected records are present, and application connectivity is functional. The operator runs the approved smoke test or validation query set. If the restored data does not meet the acceptance criteria, the operator escalates and does not close the ticket.
• Close the ticket and retain restoration evidence
  The operator attaches the backup report, verification evidence, restore log, and validation results to the ticket. The operator records any deviations, corrective actions, and follow-up tasks. The operator closes the ticket only after required approvals and verification are complete.