Learn about how we keep your assets secure. From incident response, risk management and SLAs, to business continuity and disaster recovery.
Oneflow is built with redundancy at every layer of its infrastructure, utilizing AWS to achieve a secure, redundant system. The application, databases, storage and auxiliary services are hosted in multiple availability zones (AZs) in Ireland, EU to allow for sporadic failures without any loss of availability, functionality or customer data.
Customer and system data is stored in encrypted, mirrored databases in two different AWS AZs with multiple layers of backup strategies. Customer documents and files are encrypted and stored on Amazon Simple Storage Service (S3) and replicated across multiple data centers automatically. AWS enables scaling to meet increased load and increase redundancy. This is true for all levels of the service, from our CDN, to our application load balancers, to the application servers themselves, the backend workers, the search services, and the storage layers.
Oneflow has a comprehensive Information Security Incident Management Policy which includes identification, classification, logging, notification, analysis, remediation, and incident post mortems. We aim to notify customers within 24 hours of a confirmed breach.
All incidents are impact assessed and categorised in order to determine their severity and urgency. Oneflow’s Incident Management Team is deployed when a confirmed incident has been logged. The team includes the Information Security Team, CTO and Senior Developers.
Oneflow has a comprehensive Information Security Risk Management Policy detailing how risks should be identified, analysed, evaluated and mitigated. Risks are scored on their likelihood of occurring and the potential impact to the organization and its customers. All risks are assessed and remediated in accordance with our remediation timescales, which are based on best practices.
Oneflow also has an established Information Security Risk Committee, which decides on mitigation actions for critical risks and acts as an advisory group to the Information Security Team.
Service level agreement
We aim to exceed customer expectations at every opportunity and set the highest service standards. We perform regular updates and maintenance on the Oneflow application without impacting availability. A comprehensive Service Level Agreement (SLA) covers legal obligations for uptime and availability.
In the rare event that it’s absolutely necessary to take the application offline to conduct maintenance, this will be planned in advance to minimize disruption to customers, i.e. during low-usage hours.
Business Continuity and Disaster Recovery
Oneflow has a comprehensive Business Continuity and Disaster Recovery Policy in place to maintain the availability of the application. This is reviewed at least once annually or whenever significant changes have been made.
It sets out our approach to conducting Business Impact Analysis (BIA) and Risk Assessments, setting RPOs (Recovery Point Objectives) and RTOs (Recovery Time Objectives), and developing and implementing Business Continuity Plans.
This policy means we can quickly respond to events that could affect the availability of the application, reducing the risk of downtime. To reduce unscheduled outages, we also take regular backups and follow a robust change management process.