An incident is an unplanned disruption or an event that could lead to a loss in business operations, information security, IT systems, employees, customers, or other vital functions. The objectives of "normal" operation from an information security perspective are:
- Information is available and usable when required and systems that provide it resist attacks and are available (availability)
- Information is observed by or available to only those who have the right to know (integrity)
- Business transactions and information exchanges between customers or with partners can be trusted (authenticity and non-repudiation)
Our incident lifecycle processes ensure that in case of a disrupting event or problem in the product, systems, services and operations are responded and operation is restored to normal as soon as possible. This process is in place for:
- Primarily to restore normal operation as soon as possible.
- Determine the severity of the given incident, and act accordingly.
- To execute external customer stakeholder communication as needed.
- The incident records and reports ensure that the cases are well documented, analyzed and the lessons learned are known to prevent or help the resolution of further occurrences.
All our incident response policies and processes are tested and refined regularly and audited as part of our ISO 27001 certification.
Tresorit has a Business Continuity Management (BCM) system in place to prepare the organization
- for interruption of critical business process
- to ensure that a certain level of critical services is maintained in case of a crisis
- to ensure that the restoration of critical business process, resources to normal operation happens as soon as possible
- to ensure proper communication with customers
In line with Tresorit's objectives, it is necessary
- to ensure the smooth running of business operations and their supporting processes
- to detect incidents as soon as possible after their occurrence
- to respond and react effectively and promptly to interruptions and preserve the compliance level of the operating environment.
Our Business Continuity Policy specifies a framework for business continuity requirements related to the processes and services provided by Tresorit. By applying, continually extending and improving the system, the goal is to reduce operational continuity risks, increase responsiveness and increase efficiency.
We conduct a business impact assessment (BIA) regularly and in case of any significant change to identify processes critical to Tresorit, assess the potential impact of disruptions, set prioritized timeframes for recovery. We also conduct risks assessment at least annually. The risk assessment helps us systematically identify, analyze, and evaluate the risk of disruptive incidents.
Together, the risk assessment and BIA provide input for our continuity priorities, and mitigation and recovery strategies for business continuity plans (BCPs). Teams identified as critical to Tresorit’s continuity use this information to develop BCPs for their critical processes. These plans help the teams know who is responsible for resuming processes if there’s an emergency, a substitute process is identified for human resources, IT network and devices, office buildings, utilities. These plans help prepare us for disruptive incidents by centralizing our recovery plans and other important information, such as when and how the plan should be used, contact information, important apps, and recovery strategies.
As a SaaS product one of the most important risk factors are software vulnerabilities. Thus, we have a specialized process for managing the risks of software vulnerabilities.
We have an internal SLA in place for any security issue, where based on the severity we commit to a target resolution and deployment times. The severity is defined based on impact, probability and ease of exploitation.
We have a process in place to triage vulnerabilities coming from external reports, our annual external penetration tests, and continuous internal security testing as well as our automated vulnerability detection tools.
Disaster Recovery Processes (DRP) coordinate the recovery of critical business functions and managing and supporting the business recovery. This can include either short or long-term disasters or other disruptions such as natural or man-made disasters.
Our priorities in a disaster situation are to:
- Ensure the safety of employees and visitors in the office buildings.
- Ensure availability of user data
- Mitigate threats or limit the damage that threats can cause.
- Have advanced preparations to ensure that critical business functions can continue.
- Have documented plans and procedures to ensure the quick, effective execution of recovery strategies for critical business functions.
A national disaster (or an international one such as nuclear war) is beyond the current scope of Tresorit's BCM. Our goal is to extend our DRP to a level where we can provide custom assurances to enterprise customers in case of a catastrophic event effecting one of our main datacenters and to extend this capability to all our customers in time.
For customers requiring this need today, the synchronization functionality provided by our desktop applications fulfill this need and allows our customers to have an off-site copy of their data.
For customers with either a compliance or redundancy need not fulfilled by our current architecture we provide the capability to choose a primary data location residing on 4 continents and many geographic regions. Or in case of a custom agreement the capability to use their own Azure subscription for the purpose of storing their encrypted content.
Production systems are housed at third-party organizations that are responsible for the physical, environmental and operational security controls of the Tresorit infrastructure. Our contracts with these organizations and the certifications of their data centers are reviewed at least annually.
For critical parts of our service, we rely on our managed service provider, Microsoft Azure. They provide us processing and storage capabilities as well as logical and network security is provided by their infrastructure. All connections go through Azure firewalls, being in all-deny mode, except for a very limited number of IP addresses and credentials accessible by limited employees.
We have backups and point-in-time restore capabilities in place for the most important metadata that we are storing in SQL, which is useful for scenarios such as incidents caused by errors or incorrectly modified data. All encrypted content is stored redundantly and replicated three times inside the selected primary region of the customer. This provides at least 99.999999999% (11 nines) durability of files for a given year.
Our servers are load-balanced, with automatic scaling in rules in place to provide a reliable and robust service for the variable load coming from our end-users.
All business continuity plans, and disaster recovery plans are verified and tested at least once in every two years. They are tested on different levels according to an approved testing goal and test plan, documented internally and reviewed during our ISO 27001 certification process. Based on the results of the testing, as well as experience from actual incidents, our teams update and improve their plans to address issues and strengthen their response capabilities.
At least annually our executive staff reviews our whole Business Continuity Management System.