Comment on page
Our server infrastructure provides secure data storage and high application availability. All application services are started on multiple servers with a load-balancing/fault-tolerance system to increase redundancy. Cluster topologies are classified by the N+1 level of high availability. User data is replicated to multiple availability regions.
Establishing a consistent uptime track record is impossible without proper monitoring. Our team is ready to react to any incident 24 hours a day, 7 days a week. We’ve developed a reliable system to ensure that select employees are instantly notified of any possible safety risks.
User data is stored on a failover cluster, backed up every 60 minutes and encrypted. No matter what happens, your work will stay safe. There are also daily backups of the entire database that are stored separately from the main data centre for a standard retention period of 180 days.
We have incident handling policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues.
- Promptly respond to alerts of potential incidents
- Determine the severity of the incident
- If necessary, execute mitigation and containment measures
- Gather and preserve evidence for investigative efforts
- Document a postmortem and develop a permanent triage plan
To address information security requirements during a major crisis or disaster impacting Mago business operations, we maintain a disaster recovery plan.
The Mago Infrastructure Team reviews and tests this plan annually. Relevant findings are documented and tracked until resolution.
Our Disaster Recovery Plan (DRP) addresses both durability and availability disasters. A durability disaster is defined as a complete or permanent loss of primary metadata data centres, or lost ability to communicate or serve data from metadata data centres.
We define a Recovery Time Objective (RTO), which is the duration of time and a service level in which business process or service must be restored after a disaster, and a Recovery Point Objective (RPO), which is the maximum tolerable period in which data might be lost from a service disruption. We also measure the Recovery Time Actual (RTA) during Disaster Recovery testing; performed at least on an annual basis.
Mago incident response and disaster recovery plans are subject to being tested at planned intervals and upon significant organisational or environmental changes.
Mago production systems are housed at third-party sub-service organisation data centres and managed service providers located in the EU (Ireland). Sub-service organisation data centre SOC reports are reviewed at a minimum annually for sufficient security controls. These third-party service providers are responsible for the physical, environmental, and operational security controls at the boundaries of Mago infrastructure. Mago is responsible for the logical, network, and application security of our infrastructure housed at third-party data centres.
Our current managed service provider for processing and storage is responsible for the logical and network security of Mago services provided through their infrastructure. Connections are protected through the managed service provider’s firewall, which is configured in a default deny-all mode. Mago restricts access to the environment to a limited number of IP addresses and employees.
Azure & Mago Compliance