AskCody comes as Software-as-a-Service that is built on Microsoft Azure and hosted in the Microsoft Azure cloud. To get a full list of compliance offering and to find audit information, go to the related certification on https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
We benefit from Microsoft’s unmatched scale and experience running trusted enterprise cloud services around the globe. This is why AskCody is built on Microsoft Azure.
In Europe, AskCody utilizes North Europe (Primary) and West Europe (Secondary) Azure regions (please see the attached infrastructure document at the bottom of this article for details). The service is fully managed by us. Maintenance and updates are included in your subscription. In North America, we utilize East US (Primary) and West US (Secondary). Learn more about regions here - http://azuredatacentermap.azurewebsites.net/
All secondary data centers (West Europe and West US) works as a storage and geographically redundant backup. In the case of emergency and disaster recovery is needed, the recovery time is 12 hours maximum. The loss of data will be limited to the latest 15 minutes. Replication between primary and secondary data centers is happening at a maximum delay of 15 minutes.
We benefit from Microsoft’s unmatched scale and experience running trusted enterprise cloud services around the globe and why AskCody is built on Microsoft Azure. We leverage Microsoft’s deep investments in technology, operational processes, and expertise to provide a trusted platform for the AskCody solution. With Microsoft as our supplier of cloud services, we can take advantage of the Azure cloud more quickly while reducing security and compliance costs and minimizing risk to your organization.
We understand that to realize the benefits of cloud computing you as a company must be willing to trust your cloud provider with your data. When you invest in a cloud service, you must be able to trust that your data is safe, that data privacy is protected, and that you own and control your data in all its uses. AskCody is divided into a European and North American setup due to data regulations based on the location you sign up for when you create your AskCody Account. Customer Data will never leave the Data Region on which the Customer Data is placed based on the location of the Customer, meaning the Customers in Europe will only be using Data Centers in Europe, and Customers in North America will only be using Data Centers in North America.
Backup on Azure
AskCody stores all data with redundancy on Microsoft Azure. Our databases support point-in-time backups to the minute, with 31-day retention.
Deletion of data by the end of a subscription (Or assisting the Customer on GDPR matters)
It is AskCody’s responsibility to permanently destroy the Customer Data upon Customer’s request, with special emphasis on destroying all data in scope in all locations, and provide a written certification of the destruction. AskCody shall at its own discretion determine data destruction schedules but shall wherever possible perform such destruction in accordance with Customers' requested timetable. Supplier shall have the obligation to wipe persistent media used for storing Customers Data or secure deletion of Customers Data with related techniques before it is released into re-use.
Due to AskCody being built as a generic SaaS solution on Azure, AskCody doesn’t have physical access to wipe and destroy media used for Customer data on Azure.
For customer-specific data, we will manually remove all identifying calendar data associated with your account from our database. Derivate anonymized data (i.e. "Total events booked on a platform this month") will not be removed, as it cannot be linked back to source data. User accounts associated with your organization may also be removed on request.
When subscriptions end, Customer Data will be available on the backup to the maximum of 1 month (30 days) after which time the data will be completely unobtainable. All backup data is encrypted using TLS+1.2.
Vulnerability assessment on Azure
AskCody comes as a Software as a Service is built on Microsoft Azure and hosted in the Microsoft Azure cloud. The vulnerability assessment in Azure Security Center is part of the Security Center recommendations. If the Security Center doesn't find a vulnerability assessment solution installed on your VM or network, it recommends that you install one. A partner agent, after being deployed, starts reporting vulnerability data to the partner’s management platform. In turn, the partner's management platform provides vulnerability and health monitoring data back to Security Center.
The Security Center Recommendations are monitored on a daily basis, and action is taken immediately if vulnerabilities are found.
Penetration testing on Azure
All the infrastructure on the Microsoft Azure Cloud is taken care of by the Microsoft Azure platform services. Microsoft performs penetration testing of the Azure environment. This helps improve the platform and guides actions in terms of improving security controls, introducing new security controls, and improving our security processes.
Business contingency on Azure in the event of serious disturbance
AskCody comes as a Software as a Service is built on Microsoft Azure and hosted in the Microsoft Azure cloud. Azure operates in multiple geographies around the world. An Azure geography is a defined area of the world that contains at least one Azure Region. An Azure region is an area within a geography, containing one or more data centers. In Europe, we utilize the North Europe (Primary) and West Europe (Secondary) Azure regions. Please see detailed description above.
Each Azure region is paired with another region within the same geography, together making a regional pair.
The AskCody platform is built so that we replicate workloads across regional pairs to benefit from Azure’s isolation and availability policies. For example, planned Azure system updates are deployed sequentially (not at the same time) across paired regions. That means that even in the rare event of a faulty update, both regions will not be affected simultaneously. Furthermore, in the unlikely event of a broad outage, recovery of at least one region out of every pair is prioritized.
To see an example of a hypothetical application which uses the regional pair for disaster recovery please go to https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions