Access Control Policy: Retention Science – Access Control Policy
Data Storage Location:
All data is stored in ReSci’s private VPC on Amazon Web Services (AWS) cloud servers. Each client’s data is stored in a client-specific database.
Access to Data:
Only specific ReSci employees, on a need-to-know basis, have access to client data.
Servers are isolated from the public internet using Amazon VPC, and security groups are defined for strict control and limitation of access. SSH access to specific servers is granted only to key employees, using private key authentication. We do not allow password login. By default, all ports are closed, and only necessary ports are open to specific security groups. Employee access to AWS requires multi-factor authentication, and strict password rotation rules are enforced.
Production Database Access:
Production database access is restricted to key ReSci employees who require access. The database is isolated internally and protected using multiple layers of security and secure authorization best practices. Systems are routinely monitored for performance and security.
Exception Tracking / Monitoring:
Production exceptions are tracked and reported via an internal notification system that notifies our on-call engineering team immediately in the event of an error. All exceptions are logged and monitored using multiple open source and in-house developed systems. Our monitoring covers system-level and application-level events and notifies us when there are any inconsistencies or unexpected spikes/dips, etc. Examples of monitored events include each client’s daily send volume, campaigns, data imports, performance or latency of different services, etc.
Log Monitoring and Aggregation:
Application and system logs are aggregated and retained on servers. Logs are propagated to our notification / health service for monitoring and alerting purposes.
Server Patches and Security Updates:
Security updates are monitored daily and servers are patched as soon as an update is reported by our systems / ops engineers.
Backup / Replication:
Databases are replicated to multiple slaves for redundancy. For backups, we (a) perform database snapshots, (b) replicate to the data warehouse multiple times per day, and (c) perform full server backups, including database backups. These backup files are encrypted and stored on S3.