Disaster Recovery
Disaster recovery involves a set of policies, tools, and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.
TilliT has performed and reviewed comprehensive risk assessments using risk management tools and risk rating tools. These assessments have identified a range of risks that the business may face, including but not limited to AWS region outage, AWS service outage, AWS availability zone outage, corporate sabotage by disgruntled employees, external hacking, employee errors, data deletion, software bugs, data corruption, legal issues, personnel unavailability, and sabotage from external sources. To mitigate these risks, the business has implemented a range of controls, including but not limited to multi-region database backups with recovery procedures, multi-AZ databases, security measures to protect data, peer review processes, skilled staff, least privilege user rights, point-in-time recovery, data backup, managed services, AWS support, business processes, and up-to-date documentation. These controls are regularly reviewed and updated as needed to ensure they remain effective and appropriate for the changing risk landscape. The business is committed to maintaining a robust risk management framework that enables it to identify and mitigate potential risks, protect its operations and assets, and maintain the trust of its customers and stakeholders.
Services and Applications
The following is a list of all the applications, both customer facing and internal, considered important to running the business, along with who is responsible for recovering each application:
| Service      | Vendor | Tier | Recovery Responsibility |
|--------------|--------|------|-------------------------|
| TilliT DO    | TilliT | 1    | TilliT                  |
| Scheduler    | TilliT | 3    | TilliT                  |
| Optimiser    | TilliT | 3    | TilliT                  |
| Edge Devices | TilliT | 2    | TilliT/Customer         |
| OData        | TilliT | 3    | TilliT                  |
Risk Assessment
This risk analysis describes events that may occur and impact the operation of TilliT systems, including controls we have in place to mitigate the risk. This assessment is performed using a Risk Management Framework.
Invocation Procedure
The disaster recovery plan is invoked when critical TilliT applications are no longer accessible to users for an extended period of time, affecting our ability to deliver our products and services. It is the responsibility of the TilliT CTO to invoke the disaster recovery plan.
Scope
TilliT uses AWS serverless technologies and managed services such as Amazon Aurora (RDS). Options that improve resiliency should be used, where costs are reasonable, to improve our business continuity. Applications running in the cloud operate under a shared responsibility model, and it is our responsibility to ensure that services are well architected for security and reliability before they reach production.
Our cloud network currently operates across two availability zones. Databases run as Multi-AZ deployments. Serverless workloads such as Lambda either run inside our VPC, across two availability zones, or outside our VPC, in which case AZ placement is managed by AWS. S3 buckets and DynamoDB tables are multi-AZ by default and managed by AWS. Versioning is enabled on S3 buckets to protect against deletion and overwrite, and point-in-time recovery is enabled for DynamoDB tables.
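The controls above (S3 versioning, DynamoDB point-in-time recovery, Multi-AZ Aurora with an automated backup window) are only useful if they are actually switched on for every resource, and they silently drift when a new bucket, table or cluster is created. The following is an added example of an offline audit for exactly those settings; it is not TilliT's tooling or part of this page. Each checker takes the dictionary that the corresponding boto3 call returns (`s3.get_bucket_versioning`, `dynamodb.describe_continuous_backups`, and one entry of `rds.describe_db_clusters()['DBClusters']`), so the functions can be fed live responses, but the inventory below is constructed by hand with hypothetical resource names. The seven-day minimum backup retention is an assumption, not a figure from this document.

```python
"""Offline audit of the resilience controls a DR plan relies on.

Added example, not TilliT's code. Each checker consumes the dict shape the
matching boto3 call returns, so it works unchanged against live responses:
  s3.get_bucket_versioning(Bucket=...)                  -> check_bucket_versioning
  dynamodb.describe_continuous_backups(TableName=...)   -> check_table_pitr
  rds.describe_db_clusters()['DBClusters'][i]           -> check_aurora_cluster
The SAMPLE_* inventory at the bottom is constructed by hand in those shapes.
"""
from dataclasses import dataclass

# Assumption: a PITR window shorter than a week is treated as a finding.
MIN_BACKUP_RETENTION_DAYS = 7


@dataclass
class Finding:
    resource: str
    control: str
    ok: bool
    detail: str


def check_bucket_versioning(bucket: str, resp: dict) -> Finding:
    # get_bucket_versioning omits 'Status' on a bucket that was never versioned,
    # so a missing key is a failure, not an exception. 'Suspended' also fails.
    status = resp.get("Status", "NeverEnabled")
    return Finding(bucket, "s3-versioning", status == "Enabled", f"Status={status}")


def check_table_pitr(table: str, resp: dict) -> Finding:
    # Walk the nested response defensively; any missing level means PITR is off.
    status = (
        resp.get("ContinuousBackupsDescription", {})
        .get("PointInTimeRecoveryDescription", {})
        .get("PointInTimeRecoveryStatus", "DISABLED")
    )
    return Finding(table, "dynamodb-pitr", status == "ENABLED",
                   f"PointInTimeRecoveryStatus={status}")


def check_aurora_cluster(cluster: dict) -> list:
    # MultiAZ on an Aurora cluster means instances span more than one AZ;
    # BackupRetentionPeriod is the point-in-time recovery window in days.
    name = cluster["DBClusterIdentifier"]
    multi_az = bool(cluster.get("MultiAZ", False))
    retention = int(cluster.get("BackupRetentionPeriod", 0))
    return [
        Finding(name, "rds-multi-az", multi_az, f"MultiAZ={multi_az}"),
        Finding(name, "rds-backup-retention", retention >= MIN_BACKUP_RETENTION_DAYS,
                f"BackupRetentionPeriod={retention}"),
    ]


def audit(buckets: dict, tables: dict, clusters: list) -> list:
    """Run every checker over an inventory and return all findings, pass or fail."""
    findings = [check_bucket_versioning(b, r) for b, r in buckets.items()]
    findings += [check_table_pitr(t, r) for t, r in tables.items()]
    for cluster in clusters:
        findings += check_aurora_cluster(cluster)
    return findings


def failures(findings: list) -> list:
    return [f for f in findings if not f.ok]


# Constructed sample inventory with hypothetical names (not TilliT resources).
SAMPLE_BUCKETS = {
    "example-app-assets": {"Status": "Enabled"},
    "example-app-exports": {},  # versioning never turned on
}
SAMPLE_TABLES = {
    "example-orders": {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "ENABLED"}}},
    "example-sessions": {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "DISABLED"}}},
}
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "example-prod", "MultiAZ": True, "BackupRetentionPeriod": 7},
    {"DBClusterIdentifier": "example-staging", "MultiAZ": False, "BackupRetentionPeriod": 1},
]

if __name__ == "__main__":
    for f in failures(audit(SAMPLE_BUCKETS, SAMPLE_TABLES, SAMPLE_CLUSTERS)):
        print(f"FAIL {f.control:22} {f.resource}: {f.detail}")
```

Run against the constructed inventory this reports four failures: the unversioned export bucket, the sessions table without PITR, and the staging cluster twice (single-AZ and a one-day backup window). Wired to real boto3 calls and run on a schedule, the same checkers give an early warning that a newly created resource has fallen outside the controls this plan depends on.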