Extilum has a fully documented Disaster Recovery policy aligned to the ISO/IEC 27001:2013 standards.
The Extilum Cloud Platform is a fully Cloud-based Infrastructure-as-a-Service (IaaS)/Platform-as-a-Service and therefore hosted remotely from the client(s) site(s). We take security and data protection legislation extremely seriously and for this reason we have chosen to use two separate Datacenter Providers with Tier 3 certified datacenters.
We ensure data confidentiality, integrity, and availability through a robust combination of policies, and processes.
Data is hosted in and does not leave the European Economic Area (EEA).
Extilum is the sole owner and provide its own Cloud Platform.
The approach to our Cloud Platform architecture affords us excellent resilience in the context of Business Continuity, Disaster Recovery (DR) and High Availability (HA). We have chosen two different Datacenter Providers based in geographically separate locations to maximise failover and load balance options.
Extilum follow the ISO/IEC 27001:2013 – Information Security Management standard. This means that we must maintain a relevant Business Continuity and Disaster Recovery Plan. This plan is subject to regular internal review. We have an Information Security Management System (ISMS) group which meets regularly and by exception. The ISMS group includes Director level membership.
As part of this methodology, recovery exercises are performed on a regular basis simulating disaster recovery scenario. In the rare event that a system failure does occur, we use an aggressive, root cause analysis process to deeply understand the cause. Implementation of improvements learned from such an event is a top priority for us. We will provide post-mortems for every customer-impacting incident upon request, should one occur.
We conduct tests against our Business Continuity and Disaster Recovery plans at least annually, after a significant change and release and in event of something such as an office move.
Our Extilum Cloud Platform Infrastructure together with our Information Security Management System (ISMS) and related policies and procedures are audited at least annually, or after a major change.
The entire of Extilum Cloud Platform is cloned overnight, every night, to two locations physically distinct from each other. These physical locations are currently in (Gothenburg, Sweden) and (Zagreb, Croatia).
We keep backup information for up to one year (or longer, if there is a valid business requirement) and have procedures for the restoration of information should that be absolutely required by a client.