Securing Your Data: Data Protection and Service Continuity
SAI360 considers it a privilege that you trust us with your data within our hosting environment and leverage our services as a critical part of your company processes. We know how important it is to secure sensitive data and have implemented various controls to ensure that the data remains secure. These are the same controls that we implemented to protect our most sensitive data within SAI360.
Our process for data protection and recovery is built around industry-standard principles. Active management and monitoring of these processes are part of the data protection policies that are observed for all customer systems. We measure and validate key performance indicators such as restore time objectives (RTO) and restore point objectives (RPO) annually. During this annual assessment, we address any efficiency improvements that are required.
Our strategy consists of multiple layers of protection leveraging 2 core technologies within the AWS ecosystem:
AWS Backup: Snapshot-based technology that is application-consistent and used for point-in-time recovery at the level of the virtual machine (VM). Backups are replicated to a secondary region for ransomware protection.
All backup and data storage practices are secured by default leveraging encrypted storage and backups using SAI360’s standardized encryption policy.
Daily encrypted on-site backups with 35 days retention, and off-site backups with 60 days retention plus 12 months of monthly backups, providing a 4-hour RPO and a 6-hour RTO.
CloudEndure (Elastic DR Service): Block-level replication technology that provides real-time replication to the target region for in-scope servers.
Our platform is designed with leading service continuity principles to provide the best possible availability to our customers at all times:
Highly Available Database Clusters optimized for uptime and performance running our application workloads.
Always-on edge network availability from redundant path configuration to all application servers.
Automated DDoS attack mitigation up to 50 Gbps for network and DNS attacks.
24×7 active management of the platform through automated system and security monitoring and alert management.
The platform has been architected to reduce downtime for patching and maintenance as much as possible. Should there be planned downtime, customers will receive notification of the planned timing.
In case of a condition or event that poses a significant risk or threat to the normal operation of our cloud service, SAI360 reserves the right to shut down the cloud service for emergency maintenance immediately, and we shall use reasonable efforts to provide notice, estimated time until completion, and periodic status updates of our efforts.
Information Security, Data Protection and Privacy Compliance
To the extent applicable to SAI360 operations, SAI360 complies with the laws of the countries where it operates, such as 201 CMR 17.00 Standards for the protection of personal information of residents of the Commonwealth (Massachusetts), California Consumer Privacy Act (CCPA) as amended by California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), Data Protection Act 2018 (UK) and UK General Data Protection Regulation (UK GDPR), General Data Protection Regulation (EU) 2016/679 (GDPR) and Regulation (EU) 2016/679 of the European Parliament and of the Council, Health Information Technology for Economic and Clinical Health (HITECH) Act enacted as part of the American Recovery and Reinvestment Act of 2009, Health Insurance Portability and Accountability Act 1996 (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), S.C. 2000, c. 5, Privacy Act, 1988 (Cth) (including National Privacy Principles as amended from time to time), Virginia Consumer Data Protection Act (VCDPA), in addition to other regulatory obligations and applicable national/state laws.
SAI360’s privacy policy can be publicly viewed at Privacy Policy – SAI360