1.04 Security and Availability
Posted by Sherry Cusano on 28 October 2020 07:05 AM
LabArchives Scheduler US Cloud - Security and Availability Details
- LabArchives Scheduler uses Amazon Web Services (AWS) for all infrastructure needs such as data centers, servers, storage, databases, networking, etc.
- LabArchives Scheduler currently resides in the AWS-N. Virginia region (for primary) with AWS-Ohio region (for disaster recovery). No data or backups leave the United States.
- LabArchives Scheduler disaster recovery region can operate at the same capacity as the production region.
- LabArchives Scheduler was designed to easily scale its performance and storage capabilities without downtime.
- LabArchives Scheduler active data and backups are stored with encryption at rest via AES-256
- LabArchives Scheduler traffic is encrypted in transit via HTTPS over TLS 1.2 with RSA-2048 SSL certificates
- LabArchives Scheduler servers only support traffic over HTTP/80 and HTTPS/443 with any access to HTTP forwarding to HTTPS
- LabArchives Scheduler file attachments are backed up to our Disaster Recover site every 2 hours
- LabArchives Scheduler has Business Continuity and Disaster Recovery Plans that include procedures, roles and contact information to be used in the event of an incident or disaster.
- Critical server statistics and accessibility details are monitored from multiple locations worldwide continuously. Systems staff are ready to respond 24/7/365 when thresholds for performance and availability are reached.
- Any direct access into primary and disaster recovery systems is limited to LabArchives systems staff and is secured with 2FA or MFA authentication. No 3rd parties or cloud services are employed to manage any resources that hold customer data.
- LabArchives Scheduler systems and networks are completely isolated from other corporate servers such as email systems, networks, etc. Additionally, QA and production networks are geographically separate.
- All LabArchives new hires, consultants and contract workers undergo a full federal and state background check and security training at time of hire. LabArchives staff undergo security training at least annually with additional training programs throughout the year.
- LabArchives maintains a business support contract with Amazon Web Services for fast response to any infrastructure issues.