We know your work is extremely important to you and your business, and we’re very protective of it. Here's an overview of how we manage availability and security for you:
Our Data Center
We host all of our infrastructure in Amazon’s cloud services. We utilize multiple availability zones to assure that a fault in one physical location will not bring down the site. All critical infrastructure has at least two redundant nodes.
We regularly test taking down individual nodes to make sure the service remains resilient.
While not a guarantee of future performance, ScrumDo has experienced high levels of availability in the past. Here are some stats as measured by an external third party.
- 2014 - 99.98% Uptime
- 2013 - 99.998% Uptime
- 2012 - 99.9% Uptime
These stats include all unplanned service interruptions. We have had less than 3 hours of planned downtime per year, all of which was late night (US Time zone) on weekends.
Backups and Disaster Recovery
There are two primary types of customer data that we take great pains in preserving. The first are all attachments uploaded to your project. These files are stored in Amazon’s S3 service which is designed to provide 99.999999999% durability. This includes storing your files in multiple redundant data centers.
The second set of customer data is our database with all customer projects, cards, tasks, etc. in it. We maintain a rolling 30 day backup which allows us to restore data from any point in time during that window. We also make regular backups to Amazon S3 (see above).
Our backups are secured by Amazon’s access control mechanisms.
At no point are physical unencrypted backups in transit.
We take all appropriate industry standard security practices such as:
- System installation using a hardened and patched OS
- Dedicated firewall and encrypted access to help block unauthorized system access
- Intrusion detection systems to provide an additional layer of protection against unauthorized system access
- Only ever store hashed passwords
- Multi factor authentication to hosting infrastructure
All accounts may access all of ScrumDo over HTTPS/SSL. You should automatically be redirected to the secure version, if you are not at any time feel free to replace the http with https in the URL.
As mentioned, we are hosted in Amazon’s cloud services. A detailed description of their physical security can be found in the AWS Security Whitepaper
Only a limited number of trusted ScrumDo staff have access to your data for support or operations purposes.
We never share your project data with anyone outside your organization.
Intrusion Detection & Remediation
We utilize both host based instruction detection systems and an external monitoring service to look for anything out of the ordinary.
We have mechanisms in place that can completely rebuild one of our application servers from scratch in mere minutes. In the event of a suspected intrusion, we have a plan in place that allows us to isolate the compromised server and deploy a new one quickly.
To date, we have never had to do this for security reasons. However, we regularly use this same mechanism to deploy updates with zero downtime.
Being a web based product developed in-house brings several unique challenges in regards to security. We take several significant precautions to help assure that we maintain a secure environment.
- Every line of code is reviewed for security by one of the company founders before going into production.
- Developers, whether contractors or employees, only have access to scrambled, anonymized customer databases.
- Only employees who absolutely require it to do their jobs have access to customer data. Most employees do not have this access.
Credit Card Security
No ScrumDo staff has access to your credit card information. It is all stored and vaulted by a third party, fully PCI compliant payment processor (Pin Payments).
ScrumDo LLC was founded in late 2010. As of this writing we have over 90,000 registered users and over 2500 companies actively using ScrumDo to manage their projects.
ScrumDo LLC was self-funded and profitable within its first several years of operation. In 2016, we merged into our sister company, Code Genesys LLC, and plan on being around for a long time yet to come.