AWS Hosting Information
Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, providing the tools that enable customers to run a wide range of applications. Helping to protect the confidentiality, integrity, and availability of their customers’ systems and data is of the utmost importance to AWS, as is maintaining their customer’s trust and confidence.
Location of Data Center Infrastructure
Physical and Environmental Security
Data centers are state of the art. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. Other security services such as Fire Detection and Suppression, Power, Climate and Temperature, Facility Management and Storage Device Decommissioning are carried out sustainably.
The AWS network has been architected to permit the highest level of security and resiliency appropriate to AWS workload. Build geographically dispersed, fault-tolerant web architectures with cloud resources, AWS has implemented a world-class network infrastructure that is carefully monitored and managed. Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. AWS comprehensive monitor inbound and outbound communications and network traffic. Redundant connections to more than one communication service at each Internet-facing edge of the AWS network.
In-Transit, AWS offers HTTPS using Secure Sockets Layer (SSL).
At-Rest, AWS provides the ability to encrypt EBS volumes and their snapshots with AES-256.
AWS’s development process follows secure software development best practices, which include formal design reviews by the AWS Security Team, threat modeling, and completion of a risk assessment. Static code analysis tools are run as a part of the standard build process, and all deployed software undergoes recurring penetration testing performed by carefully selected industry experts.
Routine, emergency, and configuration changes to existing AWS infrastructure are authorized, logged, tested, approved, and documented in accordance with industry norms for similar systems. Updates to AWS’s infrastructure are done to minimize any impact on the customer and their use of the services. AWS will communicate with customers, either via email, or through the AWS Service Health Dashboard when service use is likely to be adversely affected.
Business Continuity Management
AWS infrastructure has a high level of availability. AWS is designed to provide 99.99% durability and 99.99% availability of objects over a given year. AWS has designed its systems to tolerate system or hardware failures with minimal customer impact. AWS data centers are are online; no data center is “cold.” In case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, in the event of a data center failure, there is sufficient capacity to enable traffic to be load- balanced to the remaining sites. A Service Health Dashboard is available and maintained by the customer support team to alert customers to any issues that may be of broad impact.
Incident Management Process
The AWS Incident Management team employs industry-standard diagnostic procedures to drive resolution during business-impacting events. Staff operators provide 24x7x365 coverage to detect incidents and to manage the impact and resolution. AWS has implemented various methods of internal communication at a global level to help employees understand their individual roles and responsibilities and to communicate significant events in a timely manner.
AWS has established formal policies and procedures to delineate the minimum standards for logical access to AWS platform and infrastructure hosts. AWS conducts criminal background checks, as permitted by law, as part of pre- employment screening practices for employees and commensurate with the employee’s position and level of access.
Safeguards for potential data transfer (Art. 44 GDPR)
EU Standard contractual clauses (controller to processor) – Tivian has entered into SCC with AWS on behalf of its customers
This information is provided by third parties. Tivian does not take responsibility for any error or misrepresentations.
Last updated January 2022.