Based upon a Risk Assessment, does not currently believe there to be a material risk of this in any of its key vendors.

does not share the results of Business Continuity / Disaster Recovery testing; however, Business Continuity (including testing) is reviewed as part of the SOC 2 Audit process. Results of testing are reviewed by senior management as part of the Risk Management Program.

As part of its Business Continuity Planning, maintains a list of alternate vendors who could replace key vendors if a key vendor were to become unusable for any reason. Please reference our latest SOC 2 report for more details.

Business Continuity / Disaster Recovery - Service Operations

is designed for continuity of function in a variety of disaster scenarios.

conducts regular tests of its Business Continuity and Disaster Recovery procedures (including ransomware testing) at least annually. InfoSec Program documentation includes proprietary information and is not provided to customers. Infrastructure Controls are reviewed as part of the SOC 2 Audit process.

By launching instances in separate Availability Zones, applications are protected from the failure of a single location. Within Amazon Aurora, we operate multiple hot-backup servers across multiple Availability Zones.

Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones.

We use Amazon Aurora for primary storage of customer metadata. We operate redundant server instances in multiple datacenter locations ("Availability Zones") for every service in every region.

Every customer who purchases a dedicated IP from actually receives two separate IPs that are hosted on separate infrastructure in separate datacenter locations ("Availability Zones"). Our service is designed to withstand the loss of any single datacenter location with no impact whatsoever to the service. The service is designed for High Availability. Please reference our latest SOC 2 report for more details.
Incident Management is reviewed as part of the SOC 2 Audit process. All incidents are tracked and documented, including the root cause and any additional required remediation.

is often able to provide an Incident Report on specific incidents when requested by customers. conducts regular tests and applies the lessons learned to improve the Incident Management Program. The Incident Management Team receives more in-depth training specific to their roles and responsibilities and receives refresher training at least annually.

has never suffered a breach, though Incident Management is regularly invoked for smaller incidents, such as customer-impacting availability issues. Employees and internal contractors receive training on the Incident Management Program as part of the Onboarding process and receive refresher training at least annually. Incident Response is one phase of the Incident Management Plan. Please reference our latest SOC 2 report for more details.

has an Incident Management Program that includes an Incident Handling Policy, Incident Identification Guideline, Incident Alert Procedure, Incident Management Plan and an Incident Management Team. This documentation is updated immediately as changes dictate and receives an annual review, with all changes communicated and available immediately on the internal company avOS intranet site. It is also reviewed as part of the SOC 2 Audit process.
These documents include but are not limited to: Admin Access Reset Policy, Antivirus Policy, Asset Management Policy, Automated Network Drawings Procedures, Backup Policy, Backup/Restoration Test Procedures, Business Continuity Plan, Business Impact Analysis, Change Management Policy/Procedures, Data Breach Policy/Handling Procedures, Data Classification Policy/Listing, Data Retention Policy/Procedures, Document/Record Control Procedures, Employee Onboarding/Offboarding Policy/Procedures, Encryption Key Management Policy/Procedures, Incident Handling Policy/Management Plan/Identification Guideline/Alert Procedures, Information Security Policy (includes the Acceptable Use Policy), Laptop/Media Destruction Policy/Procedures, Network Monitoring Policy/Procedures, Penetration Testing Policy/Procedures, Phish Program Policy/Procedures, Risk Assessment/Risk Treatment Policy/Procedures, Risk Matrix, System Configuration Security Policy/Procedures, Vendor Management Policy/Procedures, Vulnerability Management Policy/Procedures.

Internal Information Security documentation, such as policies, procedures, standards, guidelines and baselines

InfoSec Program documentation includes proprietary information and is not provided to customers.