...
Note that AWS RDS policies and mechanisms for physical and environmental security, media disposal and backup procedures are audited on a periodic basis. AWS SOC audit reports are available for customer review upon request.
Business Continuity
ClinSpark was designed to be inherently resilient, to maximize availability and to minimize downtime. Much of this resilience is owed to the hosting infrastructure, the Amazon Web Services (AWS) cloud. The design requirements that determine this level of resilience are specified in the Infrastructure Architecture document and, to a lesser degree, in the ClinSpark Application Architecture document. These documents are updated and revised from time to time as required and are available to customers upon request. ClinSpark is designed to:
Maintain high availability – single points of failure are eliminated
Have high fault tolerance – application and database servers will fail; service to the customer must not be interrupted and recovery must be quick
Survive a full datacenter disaster without data loss or significant inconvenience to a customer
Testing
Recovery following a full data center disaster is designed to be automatic and transparent.
As such, there is no manual disaster recovery procedure or process. Robustness in the face of a disaster is an application and infrastructure architectural characteristic. Recovery is designed to complete automatically, potentially before users or support teams even realize that an outage has occurred. Testing simulates outages at multiple layers of the infrastructure and verifies that automated recovery has taken place as designed.
To simulate this disaster scenario, each layer of the infrastructure within a single AWS Availability Zone (AZ) (equivalent to a data center) is forcibly brought down. This is done in two separate exercises. The first targets the Elastic Beanstalk application server layer. The second targets the RDS database master. In both cases, the stimulus is a forced failure of all resources within an AZ. The verification is an observation of how the infrastructure responds automatically. The system is expected to recover within the expected timeframe, with no support intervention. See also https://foundryhealth.atlassian.net/wiki/spaces/DOCS/pages/3708420496/ClinSpark+Application+SLA?src=search.
Testing occurs annually.
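A pre-check that belongs with the exercise above: before an AZ is forcibly brought down, confirm that neither the RDS master nor the application server tier depends on a single AZ. This is an added example, not ClinSpark's or Foundry Health's own tooling; the instance identifier and the API responses are constructed, shaped like the boto3 `rds.describe_db_instances` and `ec2.describe_instances` results, so the check runs offline.

```python
"""Audit an AWS deployment for single-AZ dependencies at the database and app tiers.
Inputs are constructed dicts shaped like the boto3 API responses named above."""
from collections import Counter

# Constructed sample: a Multi-AZ RDS instance whose standby sits in a different AZ
RDS_RESPONSE = {"DBInstances": [{
    "DBInstanceIdentifier": "clinspark-prod-db",   # hypothetical identifier
    "MultiAZ": True,
    "AvailabilityZone": "us-east-1a",
    "SecondaryAvailabilityZone": "us-east-1b",
}]}

# Constructed sample: the application servers behind the Elastic Beanstalk environment
EC2_RESPONSE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "Placement": {"AvailabilityZone": "us-east-1a"}},
    {"InstanceId": "i-0bbb", "Placement": {"AvailabilityZone": "us-east-1b"}},
    {"InstanceId": "i-0ccc", "Placement": {"AvailabilityZone": "us-east-1a"}},
]}]}


def rds_survives_az_loss(rds_response):
    """Each database must be Multi-AZ with its standby in a different AZ than the primary."""
    findings = []
    for db in rds_response["DBInstances"]:
        name = db["DBInstanceIdentifier"]
        if not db.get("MultiAZ"):
            findings.append(f"{name}: MultiAZ is disabled; AZ loss would take the master down")
        elif db.get("SecondaryAvailabilityZone") in (None, db["AvailabilityZone"]):
            findings.append(f"{name}: standby is not in a distinct AZ")
    return findings


def app_tier_survives_az_loss(ec2_response, min_azs=2):
    """The app tier must keep at least one server if any single AZ is lost."""
    per_az = Counter(
        inst["Placement"]["AvailabilityZone"]
        for res in ec2_response["Reservations"] for inst in res["Instances"]
    )
    if len(per_az) < min_azs:
        return [f"app servers span only {len(per_az)} AZ(s): {dict(per_az)}"]
    return []


def audit(rds_response, ec2_response):
    """Return all findings; an empty list means no single-AZ dependency was found."""
    return rds_survives_az_loss(rds_response) + app_tier_survives_az_loss(ec2_response)


if __name__ == "__main__":
    for line in audit(RDS_RESPONSE, EC2_RESPONSE) or ["OK: no single-AZ dependency found"]:
        print(line)
```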
Access Controls
Starting with ClinSpark 1.5, all customer PROD Main superadmin support accounts are protected via MFA.
...