Reliability
Our server infrastructure provides secure data storage and high application availability. All application services are started on multiple servers with a load-balancing/fault-tolerance system to increase redundancy. Cluster topologies are classified by the N+1 level of high availability. User data is replicated to multiple availability regions.
Establishing a consistent uptime track record is impossible without proper monitoring. Our team is ready to react to any incident 24 hours a day, 7 days a week. We’ve developed a reliable system to ensure that select employees are instantly notified of any possible safety risks.
User data is stored on a failover cluster, backed up every 60 minutes and encrypted. No matter what happens, your work will stay safe. There are also daily backups of the entire database that are stored separately from the main data centre for a standard retention period of 180 days.
We have incident handling policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues.
- Promptly respond to alerts of potential incidents
- Determine the severity of the incident
- If necessary, execute mitigation and containment measures
- Notify the stakeholders about the incident and its status using service available at https://status.valarea.com
- Gather and preserve evidence for investigative efforts
- Document a postmortem and develop a permanent triage plan
To address information security requirements during a major crisis or disaster impacting Valarea business operations, we maintain a disaster recovery plan.
The Valarea Infrastructure Team reviews and tests this plan annually. Relevant findings are documented and tracked until resolution.
Our Disaster Recovery Plan (DRP) addresses both durability and availability disasters. A durability disaster is defined as a complete or permanent loss of primary metadata data centres, or lost ability to communicate or serve data from metadata data centres.
We define a Recovery Time Objective (RTO), which is the duration of time and a service level in which business process or service must be restored after a disaster, and a Recovery Point Objective (RPO), which is the maximum tolerable period in which data might be lost from a service disruption. We
also measure the Recovery Time Actual (RTA) during Disaster Recovery testing; performed at least on an annual basis.
Valarea incident response and disaster recovery plans are subject to being tested at planned intervals and upon significant organisational or environmental changes.
Valarea production systems are housed at third-party sub-service organisation data centres and managed service providers located in the EU (Ireland). Sub-service organisation data centre SOC reports are reviewed at a minimum annually for sufficient security controls. These third-party service providers are responsible for the physical, environmental, and operational security controls at the boundaries of Valarea infrastructure. Valarea is responsible for the logical, network, and application security of our infrastructure housed at third-party data centres.
Our current managed service provider for processing and storage is responsible for the logical and network security of Valarea services provided through their infrastructure. Connections are protected through the managed service provider’s firewall, which is configured in a default deny-all mode. Valarea restricts access to the environment to a limited number of IP addresses and employees.
Our services are hosted on Microsoft Azure data centres. To know more about Microsoft Azure compliance, please visit https://docs.microsoft.com/en-us/azure/compliance
Azure & Valarea Compliance
Last modified 1yr ago