LogoLogo
v2021-07
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
v2021-07
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
  • Welcome
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan 2021
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
  • Policy Change Log
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Business Continuity

Technical Resilience

PreviousBusiness Continuity Risk RegisterNextBusiness Continuity Documents

Last updated 3 years ago

Was this helpful?

Our AWS stack is designed with two primary failure modes: Failover and Disaster Recovery. Failover is catered for entirely within a single geographic region using a highly available primary environment. In this primary environment data is replicated synchronously between multiple database servers and redundant systems are used to ensure the maximum possible continuity of service.

These redundant systems are distributed across several AWS Availability Zones (AZs) in a single geographic region (Dublin, Ireland). AWS have multiple AZs per geographic region, but each AZ has discrete power and internet connectivity. We use two availability zones simultaneously for web traffic, reducing the effect of any failure on the availability of the service, and three availability zones for hosting database services.

Disaster Recovery functionality is provided from a secondary geographic region (Frankfurt, Germany) and this mode is intended to meet a 4 hour RTO in case of total loss/failure of the primary environment. This is facilitated by shipping backups on a regular basis to encrypted storage in the region.

Configuration management and automation allows spin up of the other platform components in this region to support a deployment of the system in the absence of our primary geographic location.

The existing technical environment is designed to be resilient but there are always risks that could impact the availability of our service. These known risks are recorded on a risk register in accordance with our risk management framework and monitored for change in status. Opportunities for improvement are sought as part of the ongoing risk management process and the strategic development of the business.

Figure 2. Simplified overview of FundApps platform infrastructure at Amazon Web Services