Hosting


Last updated 2 Feb 2018

At Appraisd, the security of your data is paramount. That's why we've chosen Microsoft Azure in the UK as our hosting provider. Except where our sub-processors are involved, all of your data is stored in Microsoft Azure in the UK.

According to Microsoft:

Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, such as Australia IRAP, UK G-Cloud and Singapore MTCS. Rigorous third-party audits, such as by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate.

Here's some more information on how we use Azure:

  • We use Azure services in the UK for all personally identifiable information storage that's processed by the Appraisd application.
  • Application data (reviews, users, feedback, objectives, etc.) is stored in an Azure SQL DB. We use TDE to encrypt the data at rest, and all connections to SQL Server are encrypted as standard. The Appraisd app accesses the database through roles that have been locked down to prevent unauthorised/unnecessary commands. We make use of Azure's automatic logging and vulnerability prevention tools to alert us to unusual activity. Access to the database for Appraisd staff is via RBAC in Active Directory, allowing us to log and modify access permissions easily.
  • We use Azure SQL's backup tools to retain 35 days of backup data. Backups are taken approximately every 15 minutes to an alternate data centre in the UK.
  • Files you upload are stored in Azure's blob storage with encryption at rest and in transit.
  • The Appraisd application runs on an Azure app service with slots used to provide staging and QA instances. As we do not use physical servers for this, all base level security and patching is managed by Microsoft with zero downtime.
  • We use continuous delivery to deploy Appraisd and can push an approved patch to production in under ten minutes.
  • Azure permits only SSL ciphers that are considered safe and have achieved a Qualys SSL Labs A rating.

If you need any more specific information about how we safeguard your data, please get in touch with us at support@appraisd.com. You may also be interested in the Microsoft Azure privacy and security pages.