Pandahrms is committed to ensuring the reliability, availability, and recoverability of customer data hosted on our platform. This policy outlines our approach to data backup, disaster recovery, and business continuity.

1. Backup Policy

We perform regular backups to safeguard customer data against accidental loss, corruption, or system failure.

• Backup Frequency: Full system and database backups are performed daily.

• Backup Retention: Backups are retained for a rolling period of 7 days.

• Storage Location: Backups are stored in secure, encrypted cloud storage geographically separate from the production environment.

• Encryption: All backup data is encrypted both in transit and at rest.

2. Disaster Recovery Plan (DRP)

Pandahrms has a structured disaster recovery process to resume operations in case of system failures or major incidents.

• Recovery Time Objective (RTO): ≤ 8 hours

• Recovery Point Objective (RPO): ≤ 24 hours

• Failover Procedures: Disaster recovery is executed through restoration from the latest backup to a separate standby environment.

• Testing: DR plans are tested semi-annually to ensure effectiveness and staff readiness.

3. Business Continuity

In the event of a disaster (e.g., cyberattack, hardware failure, or natural disaster):

• Critical services will be prioritized, including customer access, payroll generation, and statutory report availability.

• Pandahrms support and technical teams will notify affected customers and provide recovery updates within 4 hours of incident confirmation.

4. Customer Responsibilty

While Pandahrms implements rigorous backup and disaster recovery procedures, customers are also encouraged to:

• Download and store critical reports (e.g., payslips, bank files, statutory forms) regularly

• Maintain internal records and compliance archives in accordance with Malaysian legal requirements (minimum 7 years)