Sendense Documentation

Immutability And Legal Hold

How EBA repository immutability, governance mode, compliance mode, and legal hold relate to protection patterns.

Documents Home

Concept

Immutability And Legal Hold

How EBA repository immutability, governance mode, compliance mode, and legal hold relate to protection patterns.

ReadyCurrentimmutabilitylegal-holdgovernancecompliance

Immutability

Immutability is enabled on the EBA repository. Protection patterns decide whether their backups use that immutability and which mode applies.

How immutability protects a backup

Checked first

Repository Capability

The repository must support Object Lock. Sendense verifies this with repository capability checks before immutability can be used.

Governance or compliance

Pattern Opt-In

The protection pattern chooses whether its backups use repository immutability and which mode applies.

Per backup

Retain-Until Applied

Each protected backup receives a retain-until time derived from its retention.

Until expiry

Deletion Blocked

The backup cannot be deleted before its retain-until time passes. Legal hold blocks deletion regardless of retention until the hold is released.

Governance And Compliance Mode

Governance mode
The less restrictive mode. Recovery points are protected from normal deletion until their retention lock expires; administrative override behavior depends on repository capability and permissions.
Compliance mode
The stricter mode, intended for regulatory or policy requirements. Locked recovery points cannot normally be shortened or deleted until the retention period expires.

Choose compliance mode carefully

While active, compliance-style immutability is extend-only through normal operations. Select it deliberately rather than as a stronger default.

Pattern Immutability Eligibility

Not every EBA repository can support pattern immutability. It requires a version-aware EBA repository with Object Lock support and a qualified capability state, based on visible checks such as provider capability, bucket versioning, and repository mode.

When immutability is blocked, reprobe the repository, enable the required provider settings, or choose a qualified repository.

Eligible
The repository can support pattern immutability.
Blocked
The repository is missing a required capability or needs configuration.
Unknown
SHA has not completed a capability probe or cannot confirm the current state.

Bucket Default Retention

Some repositories expose bucket default retention: an administrator-managed repository policy that applies retention to future writes. It depends on repository capability, bucket versioning, and Object Lock support.

Bucket default retention is separate from protection-pattern retention. It can impose a repository-level retention floor, but protection patterns still define backup schedule and retention selection.

How Deletion Is Blocked

Immutability
Blocks deletion while a recovery point is inside its retention lock.
Legal hold
Blocks deletion while the recovery point is under a legal or administrative hold.
Dependency safety
Blocks deletion when another recovery point still depends on the data.

Re-checked before final deletion

Deletion and cleanup re-check governance before deleting. A recovery point that becomes held during its deletion grace period is not treated as eligible for final deletion.

Audit Trail

  • Repository capability changes and immutability changes are auditable.
  • Legal hold creation, update, expiry, and release are auditable.
  • Destructive cleanup actions require explicit operator intent and are auditable.

Related Docs