1.1 Data Centers: TERMSOUP’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: (i) ISO 27001, (ii) SOC 1 and SOC 2/SSAE 16/ISAE 3402, (iii) PCI Level 1, (iv) FISMA Moderate, (v) Sarbanes-Oxley (SOX)
1.2 Physical Security: TERMSOUP utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
1.3 Network Security: AWS provides several security capabilities and services to increase privacy and control network access.
1.3.1 DDoS Mitigation: A combination of AWS services may be used to implement a defense in depth strategy and thwart DDoS attacks. Services designed with an automatic response to DDoS help minimize time to mitigate and reduce impact.
1.3.2 Encryption at Rest and in Transit: Amazon RDS allows users to encrypt their databases using keys they manage through AWS Key Management Service (KMS). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots. Amazon RDS supports Transparent Data Encryption in SQL Server and Oracle. Transparent Data Encryption in Oracle is integrated with AWS CloudHSM, which allows TERMSOUP to securely generate, store, and manage TERMSOUP’s cryptographic keys in single-tenant Hardware Security Module (HSM) appliances within the AWS cloud. Amazon RDS supports the use of SSL to secure data in transit.
2. Availability and Durability
2.1 Automated Backups: Turned on by default, the automated backup feature of Amazon RDS enables point-in-time recovery for database instance. Amazon RDS will backup TERMSOUP’s database and transaction logs and store both for a specified retention period.
2.2 Database Snapshots: Database snapshots are user-initiated backups of TERMSOUP’s instance stored in Amazon S3 that are kept until they are explicitly deleted.
2.3 Automatic Host Replacement: Amazon RDS will automatically replace the compute instance powering TERMSOUP’s deployment in the event of a hardware failure.