Last updated: 25th August, 2022
To mitigate the unpredictability of disasters occurring, we have put these high-level safeguards in place to reduce the impact and help protect your research team and participants.
Physical Facility: remote backups are performed regularly and stored in a different physical location from the main servers.
Data Safety: all company information, design, and code management is stored redundantly across several locations.
Maximum Allowable Recovery Time: 24 hours to resume normal operations.
Disaster Simulation & Testing: Consent Kit conducts this once per year.
Business Impact Analysis (BIA)
Data loss, even on a small scale, can drastically affect research operations and even damage your company’s financial stability.
The first steps in planning recovery from unexpected disasters is to identify the the risks and prioritize the essential functions of the business. These are the functions that would considerably disrupt business operations, and may result in financial loss.
Viruses, hackers, natural disasters, and even user errors can create data loss, but Consent Kit has taken action to minimize these and other risks of data loss. Consent Kit’s Recovery Time Objective (RTO) is 24 hours to resume normal operations in the event of a disaster, with the goal of a full data restoration due to our robust data center security.
Taking into account risk attributes such as time of the day, likelihood, and advanced warning, Consent Kit has used the following disruption scenarios to guide our BIA:
- Physical damage to data center(s) to the point of outage.
- Damage to servers themselves.
- Power failure.
- Damage to, loss or corruption of information technology including:
- computers, operating systems, applications, and data.
- Multiple essential employee availability failure.
Business Continuity Planning (BCP)
Consent Kit has been designed to be recoverable and robust with physically separated servers.
Our main data center is managed by AWS. This data center is staffed 24/7, and includes multiple layers of security & authentication; including card key, PIN, & biometric measures.
As an additional safeguard to the main center, Consent Kit uses a warm mirror up-to-the-second data center to support a speedy recovery of critical data.
Moreover, because we know it’s important to store data in geographically-diverse locations, Consent Kit has DB backups off-site that use the same encryption as the primary hosts. This helps prevent against universally recognized events such as earthquakes, fires, and floods.
These measures help to ensure your data is protected to the highest level and we are able to function quickly in the event of a potential disaster.