Disaster Recovery

TilliT has performed and reviewed comprehensive risk assessments using risk management tools and risk rating tools. These assessments have identified a range of risks that the business may face, including but not limited to AWS region outage, AWS service outage, AWS availability zone outage, corporate sabotage by disgruntled employees, external hacking, employee errors, data deletion, software bugs, data corruption, legal issues, personnel unavailability, and sabotage from external sources. To mitigate these risks, the business has implemented a range of controls, including but not limited to multi-region database backups with recovery procedures, multi-AZ databases, security measures to protect data, peer review processes, skilled staff, least privilege user rights, point-in-time recovery, data backup, managed services, AWS support, business processes, and up-to-date documentation. These controls are regularly reviewed and updated as needed to ensure they remain effective and appropriate for the changing risk landscape. The business is committed to maintaining a robust risk management framework that enables it to identify and mitigate potential risks, protect its operations and assets, and maintain the trust of its customers and stakeholders.

Services and Applications

The following is a list of all the applications, both customer facing and internal, considered important to running the business along with responsibility to recover application:

Risk Assessment

This risk analysis describes events that may occur and impact the operation of TilliT systems, including controls we have in place to mitigate the risk. This assessment is performed using a Risk Management Framework.

Invocation Procedure

The disaster recovery plan is invoked when critical TilliT applications are no longer accessible to users for an extended period of time affecting our ability to deliver our products and services. It is the responsibility of the TilliT CTO to invoke the disaster recovery plan.

Scope

TilliT uses AWS serverless technologies and managed services like Aurora RDS. Options that improve resiliency should be used, where costs are reasonable, to improve our business continuity. Applications running in the cloud operate on a shared responsibility model, and it is our responsibility that services are well architected in a way that provides security and reliability before reaching production.

Our cloud network currently operates across two different availability zones. Databases operate as multi-az, serverless workloads such as lambda, either operate in our VPC, across two availability zones, or not in our VPC, AZ placement is then managed by AWS. S3 buckets and DynamoDB tables are multi-az by default and managed by AWS. Versioning is used to protect S3 and point-in-time recovery is enabled for DynamoDB.