Scope and Objectives

This Continuity Policy explains the systems we use in the event of an unforeseen interruption of our service and the processes we take to recover.

Constant Monitoring

Every 60 seconds our services, website, API, network tools and backup systems are independently checked for availability and speed of access using a number of test locations spread globally. We currently use UpTimeRobot for these checks and you can see the live history of these checks here. If any service responds slowly or not at all, our support team is instantly notified to investigate.

In addition to our external monitoring we have a number of internal tools that are constantly checking website access, API access, server load, memory load, network bandwidth, and these tools show on a live dashboard so we can see all systems are working as expected and within limits. Should any part fall outside our acceptable limits we are automatically notified.

As well as our externally monitored uptime status and internal system tools, our server provider also includes a fully managed service with 24/7 monitoring and an incident response team to allow them, and us, to be alerted immediately should anything not work as expected. Their incident response team has the ability to access, investigate any issues, and perform operations to restore our services.

Backup

Daily at 6am UTC all customer data, system configurations, application settings and any other relevant data is backed up. Weekly at 5am UTC full server images are created. The data backup is sent to our secondary servers for restore testing. Two methods are used which are full server imagining and SQL structured data export.

Restore

Daily at 7am UTC our secondary servers are wiped of all data, application data, and website pages and fully restored using the backup sent earlier that day. Restoration starting and successful restoration status messages are sent to our monitoring service daily.

Disaster Recovery Testing

Our secondary servers are used for our main pre-release development testing in a live system. As these servers are used everyday by our approved internal developers, and internal testing software, we are immediately aware of any issues with the restoration that may not have been detected before. In addition, each month the servers are also tested by our approved external testing partner who test access through to our API, website, and they also perform security and compliance testing providing a comprehensive PCI-DSS and OWASP report available on request.

Emergency Access

As our secondary servers used for backup restoration are geographically independent from our main servers they can also be accessed and used directly should there be any interruption of service or access to our main servers.

Communication

The email addresses we hold for your account administrators will all be notified by email should we need to inform them of any continuity issues. They can also contact us directly on the approved contact points they have.