I'm dealing with a pharmacy management system at both of my locations that uses SQL Express as its back-end, and I'm hitting a wall with the vendor. They have everything locked down, and I don't have any sort of access to our data. They conduct a nightly cloud backup that captures our databases and supporting files, but I also perform daily backups using Veeam. We've requested that the databases be set to full recovery mode because transaction logs could give us valuable point-in-time recovery options, but the vendor has consistently declined, citing that it's against their policy. If we had to restore from yesterday's backup due to downtime, it would be a major disaster given our operational volume. I wonder if anyone has faced something similar or has any suggestions. In contrast, our dental patient management system runs on SQL Standard, which gives us full access and transaction log backups every 15 minutes—this seems pretty standard for SQL back-ends after 30 years in the field. Thanks for reading! Also, we have a meeting with their Director of Development next week since we're unsure of any formal agreements or SLAs we might have with the vendor. I appreciate any insights!
4 Answers
Since SQL Express lacks proper log backups for point-in-time recovery, it might be worth pushing the vendor about RPO/RTO commitments. Escalating this issue through a contractual lens could lead to better results than just a technical fix.
For sure, definitely worth bringing up!
It seems like the vendor has a responsibility for backups and recovery. How have you approached them about this? If you've positioned your requests more as needs rather than demands, it might be more effective.
We’re not being aggressive or demanding; we’re just trying to request point-in-time recovery politely.
Have you checked if you have access to the vendor agreement? That might clarify your backup options and their obligations.
I’m not sure about that. I'm heading into a meeting with the pharmacy management and executives to figure out what we do have. This vendor is pretty outdated; we even had to get permission to install their server app on a proper server OS instead of a desktop OS. It's pretty wild!
If your contract outlines this, you might be at a disadvantage. However, if the data physically resides on your servers, I can't see how they can restrict your access entirely.
That's what I suspect as well. I think our agreement with them is just a standard boilerplate BAA.
Good call on that. I'm just about to meet with pharmacy management and the executive team soon.