This page outlines the Platform Policy for the Formpipe.Cloud platform.
Roles and Access Restrictions
Only the cloud services and support team staff have permanent access to Formpipe Cloud resources.
Members of the Formpipe delivery team may be granted temporary access to specific environments on a project by project basis.
All platform user accounts have Two-Factor Authentication (2FA) applied to mitigate the threat of account hijacking.
Access to customer environments via platform accounts is limited by default. Access is granted using on-demand privilege escalation for a limited time and is administered by us as the solution provider.
We provide the following uptime commitments for each of our service tiers (excluding maintenance windows,planned downtime and agreed downtime):
All Partner and Customer connections to the service are routed via approved IPs to the service endpoints.
Environments are partitioned into network segments and restrictions applied to only allow specific communication between them.
Formpipe support is carried out only via authorised Formpipe addresses.
Application traffic uses end-to-end transport layer encryption and/or application-specific encryption mechanisms (e.g. message-level encryption when sending payloads over other communication channels).
Data at rest is encrypted for Azure services and storage (Azure Blob Storage, and Azure SQL)
Environments have storage encryption applied and use Azure Key Vault to securely store encryption keys.
Formpipe Cloud’s Premium tier provides a highly available service by utilising multiple production nodes of our Lasernet product to provide increased resilience to node failures.
These nodes are also spread across different data centre locations, providing resilience to data centre level disruption.
This applies to service components that hold data or configuration, such as:
- Service Nodes
- Storage accounts
Backups are taken according to the following schedules and retention periods:
Test: No backups.
Standard: Locally Redundant Storage (LRS) is utilized to offer datacentre level redundancy for data and services. The weekly backup is stored for four weeks and the daily backup is stored for 28 days.
Premium: Globally Redundant Storage (GRS) is utilized to offer a global multi datacentre level of redundancy for data and services. GRS allows the backup data to be replicated to another Azure region for additional redundancy. The weekly backup is stored for four weeks and the daily backup is stored for 28 days.
Key Vaults are by default protected with both Locally Redundant Storage (LRS) and Zone Redundant Storage (ZRS). No further protection is required for this resource.
Formpipe Cloud’s Premium tier provides Disaster Recovery by utilising Azure’s site recovery service. This provides real-time replication of our production nodes to another geographical location.
This allows us to quickly move over to these nodes in a disaster scenario and provides resilience to geographic level disruption.
Platform updates are applied in a controlled way.
To ensure we are up to date with the latest Microsoft patches, in particular security updates, we use the Update Management feature in Azure to schedule automatic deployment of updates to each node.
Nodes are split up into Four groups for patching:
Update Group - Test Group: Internal Test Nodes
Update Group 1: Test Nodes
Update Group 2: Primary Nodes
Update Group 3: Secondary Nodes
Regression testing is carried out on our internal test nodes to ensure that the functionality of the system is not affected prior to roll out of updates to customer environments.
Update Group - Test Group - Wednesday, the 2nd week of each month.
Update Group 1 - Monday, the 3rd week of each month.
Update Group 2 - Wednesday, the 4th week of each month.
Update Group 3 - Thursday, the 4th week of each month.
All updates are scheduled for 3 a.m. local time to customer region. Servers are set to reboot automatically if required.
Software updates are offered to the partner and end customer on a yearly basis. These upgrades require that the partner and customer undertake appropriate testing before any updates are applied to Production.
Releases that include critical bug or security fixes may be applied immediately if the potential risk of leaving the system unpatched is too high.
After the patch has been applied, the partner/customer will be sent a report detailing the changes and justification for applying an emergency change.
Two re-occurring weekly maintenance windows are scheduled should there be a need for any configuration changes/maintenance work to be carried out.
Day/time of the set maintenance windows are listed below:
Tuesday: 8 to 10 p.m. Local time.
Thursday: 8 to 10 p.m. Local time.