
Backup & Disaster Recovery

This page describes backup and recovery services for Navigo Managed Services customers.

 

Data Retention

For customers using org.manager charts, the application only ever stores a replica of your data.

Customers using Simulation & Archive will have additional non-replica data stored in the encrypted org.manager OCV file.

Backups

Customer data directories on Navigo managed application servers are backed up daily. The backup is stored for 30 days in Azure geo-redundant storage, protected by Azure Storage encryption. This way the backup location is outside of the operating data centre.

Both the database and files are backed up using industry-standard tools, and our hosting provider monitors the status of these backups. The data at rest is encrypted using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. In addition to encryption at rest, all your backup data in transit is transferred over HTTPS and always remains on the Azure backbone network.

Information about which regions host the backups can be found under https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions

Backups are only used for disaster recovery; individual restore actions are not supported. 

Recovery Time Objective: 120 minutes
Recommended backup cycle: 24 hours / RPO of 1,440 minutes

Disaster Recovery

In the event of a disaster or sustained outage, full failover capability exists, and disaster recovery procedures are adhered to when restoring service from the backup data centre and data.

For Navigo Managed Services customers, data backup is provided via the Microsoft Azure Backup service.

Backups include the org.manager configuration file (<10 MB), the org.directory folder (which contains all created org charts and simulations) and a work folder in which, for example, the *.bat file for the daily refresh is stored. Those three resources enable a fast rebuild of the application in case of a server recovery. Ongoing technical support is provided by Navigo, based in Melbourne (AEST time zone).

The application is divided into individual container images and can be restored at any time. Customer data can be restored from the existing backup into the new cluster. Logs are stored as files at the respective tenant, in the logging system, and are therefore included in the backup.

For org.manager the target RTO (Recovery Time Objective) is 120 minutes and RPO (Recovery Point Objective) is 24 hours.

Navigo’s policy is to inform customers immediately when a security incident involving customer data is identified.

See Navigo’s policy on continuity and disaster recovery for more information regarding disaster recovery for org.manager.

 

Frequently Asked Questions

 

Questions

Answers

 

What is your availability/uptime SLA (e.g., 99.999% or five-nines)?

99.95%. See: SLA summary for Azure services

What is your downtime plan (e.g., service upgrade, patch, etc.)? 

All planned maintenance will occur in the standard maintenance window.

How is the data backed up? 

For Navigo Managed Services customers, data backup is provided via the Microsoft Azure Backup service.

All backups are stored inside the Asia Pacific (Sydney) region of Azure. Customer data directories on our application servers are backed up daily. Both the database and files are backed up using industry-standard tools, and our hosting provider monitors the status of these backups.

Please see: Backups, (OPM) - Information Systems Operational Management Policy.

Are backups encrypted at rest? 

Yes. Data transfer of backups is encrypted.

What’s the backup retention period?

Backups are retained for 14 days.

Where are these backups stored?

Backups are stored in Azure Sydney, Australia.

Who has access to the backup servers?

Only employees with an approved business need are provided access, and they are subject to background checks, an approval chain, etc., as for any other access to sensitive or confidential data.

What are your data breach handling procedures?

In the event of a confirmed breach of customer data, Navigo will notify the customer within 24 hours, with ongoing periodic updates until resolution.

Is proper notification in place and occurs within a specified time period? 

Yes, within 24 hours.

What is the format of these notifications and what info do they contain?

Notifications may come in the form of an email or a phone call. A notification will contain the timing, details of the incident, and remediation details.

Can you provide us your incident response procedures?

See Navigo Processes & Procedures / Navigo Business Continuity Plan.

What is your log and audit data retention policy?  

Navigo uses Azure Monitor alarms to monitor access and configuration changes to the environments. Logs persist for 90 days. Azure Monitor is used to monitor all system and/or user events. This includes successful and attempted logins to Azure via the Azure Console or API. Authentication events are forwarded to Monitor, which will in turn trigger an alarm in Azure and send a notification to our Slack Security Channels.

An Audit Trail is logged against each record, listing every activity against that record and who performed it. There is also a System Log, which logs configuration changes and who made them. Customers are able to have access to logs at the time of incidents.

Can you keep them as long as we desire? 

No

Can we have dedicated storage of logs and audit trails, and if so, how? 

Yes. A non-repudiable audit output with logging published to isolated folders can be set up on request.

Can you show evidence of tamper-proofing for logs and audit trails?

Logs are managed centrally, where tampering is detected.

How often are DR tests performed? When was the last test performed?

Annually on the 1st of May

What recourse actions (e.g., financial compensation, early exit of contracts, etc.) can we agree on in the event of a security incident or failure to meet SLA?

See the Navigo Service Level Agreement