getStatus production services are hosted on Amazon Web Services’ (“AWS”) EC2 platform. The physical servers are located in AWS’s secure data centers. From Amazon’s documentation:
AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). We undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
Further information on the security of AWS EC2 data centers is available directly from Amazon at http://aws.amazon.com/security/.
All user content is stored within AWS. getStatus’ production environment is hosted on an AWS EC2 platform. User content can also be found in getStatus backups, stored in AWS EC2 & S3.
Encryption In-Transit
getStatus uses industry-standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the web, iOS, and Android apps and the getStatus servers. There is no non-TLS option for connecting to app.getStatus.online. All connections are made securely over HTTPS.
Data Within getStatus
Upon account creation, getStatus users are asked for name and email. getStatus makes no assumptions about the types of data that a given customer may choose to store within its service. getStatus is a visual collaboration tool that supports organizing data into milestones, timelines, and projects and can include attachments, but the specific nature of what is stored is up to the client.
Admins will be set via your account sign-up. Once set up, the account password can be changed (encrypted in database). Read-only (“passenger”) roles can be assigned within the app itself.
Data can be accessed by users who have access to such data within the app from any geolocation. All access to user data is via the API, which includes strict authorization checks. All server role interactions go through strict security group/firewall rules, which limit access to authorized instance roles on the authorized ports required for them to fulfill their role.
Data entered into getStatus is backed up regularly.
A full backup snapshot of the primary database is taken once every 24 hours.
Files uploaded to getStatus as project attachments are not backed up on the same schedule, and instead rely on Amazon S3’s internal redundancy mechanism.
All getStatus backups are retained in AWS S3 for 30 days.
Only authorised members of the getStatus operations team have access to the backup locations, so that they are able to monitor the performance of the backup processes and to perform a restore in the very unlikely event that one becomes necessary.