Security & Backup Policy

1. Security

Encryption at rest and in transit: Data and metadata are encrypted with the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys. TLS connections are used for reading and writing all data and metadata.

Access control: Identity-based access control is enforced at the application level via OAuth 2.0 standards. Role-based access control is enforced at the organization and project levels.

Admin 2FA: All accounts that access code, CI/CD, SMTP, infrastructure, and data must have Two-Factor Authentication enabled. Production-level access is closely monitored.

Regular code analysis: Regular, ongoing dependency scans are performed as part of the CI/CD process to alert on any vulnerabilities in the dependency chain.

2. Backup Policy

Recovery Time Objective: 3 hours

Recovery Point Objective: 1 day

Restore Testing Frequency: Quarterly

Data Backup Cadence: Daily

File Backup Cadence: Daily

Last updated: July 13th, 2021
