The Seal Platform
WebsiteGet StartedContact Us
The Seal Platform
  • Website
  • Contact Sales
  • Logging in & System Requirements
  • Get Started Here
  • Moving to Seal
    • Migration
    • Implementation
  • Manage
    • Where do I start?
    • Creating Types
      • Documents
      • Work Done
      • Files
        • Extracting Fields with AI
      • Scripts
        • Writing Scripts with the Seal Module
        • Script Action Buttons
      • Charts
      • Converting Between Types
    • Adding Content and Fields
      • Computed Titles
      • Formatting Text
      • Formulas
      • Numbered Lists
      • Setting Assignees
      • Setting Out-of-Specifications
      • Setting Review Requirements
      • Submission Tables
    • Executing Types: Test Instances
    • Work Instructions
    • Change Sets
    • Active Versions
    • Training
    • API
  • Operate
    • Where do I start?
    • Re-executing Instances
    • Reviewing
  • MISC
    • Glossary
    • Inbox
    • Search Page and Saved Views
    • User Permissions and Roles
    • Tags
    • Github Integration
    • Change Management
    • Seal Changelog
  • Video Guides
    • Creating Templates
    • Creating and Reviewing Instances
    • Sending and Completing Trainings
  • Validation
    • Why do I need to validate my platform?
    • What is needed from my end for validation?
    • How is my system validated?
      • Baseline Validation
      • Configuration Validation
      • Compliance Validation
      • What about IQ, OQ, or PQ?
      • Automatic Revalidation
        • Change Controls
      • How do I know if my system is compliant to a standard?
        • Setting up your System
        • Performing Compliance Validation
    • GxP Validation for enterprise customers
    • Can I download a Validation Report?
      • Software Functionality Verification
    • Common Validation FAQs
  • Product Quality
    • Seal's Guarantee of Quality
    • Product Development Lifecycle
    • Platform Operation Tests
    • Incident Procedure
  • IT & Security Policies
    • Seal's Tech Stack
    • Data Storage and Security
    • Cloud Servers vs On-Premises File Servers
    • Data Backup and Disaster Recovery
    • Disaster Recovery Plan
    • Handling Confidential Data
    • Common IT FAQs
  • Regulatory Standards
    • 21 CFR Part 11
    • EU Volume 4 Annex 11
    • ISO 13485 Medical Devices
    • Clinical Laboratory Improvement Amendments (CLIA)
  • Support
    • Contact us
Powered by GitBook

Copyright © Seal 2025. All Rights Reserved.

On this page
  1. IT & Security Policies

Data Backup and Disaster Recovery

Last updated 22 days ago

This page offers a brief overview of information regarding data backup and recovery. It does not delve into comprehensive details or serve as legal counsel. For more information, please refer to .

Data Backups

All production data (servers and databases) are stored in physically secure data centres, in Europe-West-2. Enterprise customers have an option to choose the location of data storage.

Backups are performed daily and are typically held for a period of 28 days. With point-in-time restore, the database in its previous state can be restored, if required.

The backup process applies to all application data. Uploaded files are stored in object storage. Raw files, images and other attachments have a minimum 5 year retention policy, but lifetime will be guaranteed for the duration of Seal platform usage, or according to contractual agreements.

All backups are encrypted and replicated across the GCP, providing additional redundancy storage. GCP maintains that the infrastructure systems in place are designed to eliminate points of failure and minimise the impact of environmental risks, with power systems designed in continuous operations for 24 hours a day, 7 days a week.

Availability Upon Customer Request

Seal is committed to ensuring customer confidence in the way data is stored within the platform — it is possible to adapt to be compliant with our clients’ data integrity requirements. Upon request, backups may be held for longer periods of time. Furthermore, we are also able to assist in the deployment of a self-hosted platform for enterprise clients.

Data Incidents

Seal maintains a variety of channels to monitor data and security incidents.

The Seal team have defined roles for incident response, both internally in the resolution of the incident, and externally, in the communication to customers. We promise both transparency and rapid action.

Quarterly, there is refinement of our internal processes within our leadership team to ensure that a timely and effective response plan is in place. Seal maintains a thorough internal disaster mitigation plan, to design and build our platform and services in a way that minimises security threats.

We also maintain an ongoing, internal on-call rota to minimise incident response time and provide out-of-hours support.

In an event of a Data Incident, Seal is committed to notifying customers promptly and will take swift action to minimize potential harm and secure affected data. Seal also recommends customers to take measures to address data incidents.

For more information, please refer to the .

Note that Seal is not obligated to review Customer Data for compliance with specific legal requirements, and any notification or response regarding a Data Incident does not constitute an admission of fault or liability.

Disaster Recovery

Seal maintains a , with regular exercises being an essential part of our incident preparation. The team ensures the mitigation of disaster through internal practices and a regular alignment on procedures.

The alert workflow graphic below represents our mechanism of response to incidents

Any incident must be communicated to the disaster recovery lead (or the first-responder responsible at the time, as defined by our on-call rota) in a timely manner. This must be communicated in parallel to the customer deployments manager and senior engineering contact.

In the event of an incident, the team ensures regular communication with the customer via the customer deployment manager and senior engineering contact, with frequent and timely updates on actions and progress.

The Seal team evaluates the improvements that need to be made during a DRP exercise, and works to swiftly implement these as necessary. Such DRP exercises ensure that the Seal team are familiar with their roles and responsibilities.

The DRP measures may be updated, and it is ensured that updates do not result in a reduction of data security or data recovery services and measures.

Additionally, GCP has designed and regularly executes its business continuity planning/disaster recovery programs.

Google's Cloud Data Processing Addendum
Disaster Recovery Plan (DRP)
Disaster Recovery Plan (DRP)