• How do I know that my data is safe if I host it with you?
    We take data security and privacy very seriously here at Inflectra. Each hosted instance of SpiraTest, SpiraPlan, SpiraTeam or KronoDesk runs in its own completely isolated application pool, with a separate database instance. That way the data in each customer's instance is completely separate from all other customers. In addition, we use the following proven measures to ensure data security:
    • SOC2 and DSS certified hosting by Inflectra
    • Secure Sockets Layer (TLS 1.2) for all network traffic
    • Integrated biometric/card access control to datacenter
    • Multi-level redundant firewalls
    • Antivirus, anti-spyware and rootkit prevention software
    • Security staff on patrol 24 hours a day, 7 days a week
       
  • How often is my application data backed-up?
    As part of the Inflectra Hosting Terms of Service we take daily backups of your SpiraTest, SpiraPlan, SpiraTeam or KronoDesk specific database and keep these for 7 days. We also take full server disk snapshots for disaster recovery and store snapshots for 10 days. These snapshots are stored in two separate AWS regions for improved redundancy.
    If you have performed an unrecoverable operation on your database, we are usually able to do a 100% full database restore for you using one of the 7 daily backups. To start this process the customer account owner must email the support team at support@inflectra.com with the request.
     
  • Where is your data center?
    • We use Amazon Web Services (AWS) global infrastructure for the SaaS version of our products.
    • We have hosting currently available in six regions (USA, EU, Canada, India, Singapore, and Australia).
    • All of our Cloud Hosting includes  SOC2 and PCI-DSS certification, with high performance separate AWS EC2 web and database instances for maximum performance.
    • All data storage is maintained on high speed SSD encrypted fault-tolerant AWS EBS storage with auto-snapshotting.
    • The AWS physical hosting service is certified ISO27001,
       
  • What Service Level Agreement (SLA) do you offer?
    The service level agreement (SLA) for our hosting service is described in Exhibit A of the Inflectra Hosting Terms of Service . If you have any questions about our SLA, please contact sales@inflectra.com and one of our talented sales staff will be happy to assist you.
     
  • What security and reliability features do you have in place?
    The servers used to host your SpiraTest, SpiraPlan, SpiraTeam or KronoDesk instance use the following security features: In addition, the data center includes:
    • Secure Sockets Layer (SSL) for all network traffic
    • Multi-level redundant firewalls
    • Antivirus, anti-spyware and rootkit prevention software
    • 3 x OC48 connectivity
    • Power Density (W/sf) = 67
    • Heating, ventilation and air conditioning (HVAC) systems
    • Very early smoke detection alarm (VESDA) and dual interlock fire suppression systems
    • Seismically braced facilities and racks
    • Uninterruptible power supply (UPS) with automatic power transfer bridge system
    • Integrated biometric/card access control
    • 24/7 CCTV video surveillance and recording
    • Security staff on patrol 24 hours a day, 7 days a week
    • Monitoring for HVAC and mission-critical power systems
    • Encrypted Data at REST using Encrypted AWS EBS Volumes
       
  • What Security Standards do You Use?
    Inflectra is Annually Audited against the following standards:
    • SOC2 (AICPA)
    • ISO 9001:2015
    • ISO 27001:2013
    • 21 CFR Part 11
    • Eudralex Volume 4, Part I & II
    • FDA Guidance on Data Integrity
    • National Institute of Standards and Technology (NIST)
    • General Data Protection Regulation
    • Health Insurance Portability and Accountability Act 1996
     
  • What is your RPO and RTO?
    Using our world-class AWS hosting environment with hourly EC2 EBS volume snapshots, we have the following RPO and RTO:
    • Recovery Time Objective (RTO): 3 hours
    • Recovery Point Objective (RPO): 1 hour
       
  • Do you have a GDPR Data Processing Agreement (DPA) for European Customers?
    Yes, we have a standard data processing agreement in place as part of our Inflectra Cloud Platform Terms of Service (ToS). This DPA describes how we process customer data, what the purposes are, how security and privacy are engineered by design, and your right and responsibilities.

    Please check out our Inflectra Cloud Services and The EU General Data Protection Regulation (GDPR) Whitepaper for more details.

SOC2 Certification   PCI-DSS Certified