ampEducator is hosted with Amazon Web Services (AWS) Canada for Canadian Client instances and AWS USA for American Client instances in North America. For clients outside North America additional AWS locations may be available upon request for additional fee. Access to all servers is IP restricted. For more detailed information AWS provides the most up to date overview of security processes publicly on their website:
https://aws.amazon.com/architecture/security-identity-compliance/
Clients do not have direct access to data on servers except via Login and Software User Interface and/or API Key. The database servers are imaged daily for backup purposes. Once a week the databases are also archived, encrypted and stored using AWS Glacier for redundancy except in cases of GDPR compliance. Clients have access to request a download copy of the complete database instance at any time via the software interface and may invoke a request for Data Recovery Services at any time via email for a fee.
ampEducator is monitored 24 hours a day 7 days a week since by an independent third party (SiteUptime.com) with publicly available statistics available via the Application Status link on our main website footer. Clients can view by Year and Month total outages, uptime and downtime. ampEducator average uptime since reporting was in implemented in 2010 is 99.9%.
ampEducator is deployed on Amazon Web Services (AWS). AWS Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
Firewall configuration and a multilevel network security framework Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services.
ACLs, or traffic flow policies, are established on each managed interface, which manage and enforce the flow of traffic. ACL policies are approved by Amazon Information Security. These policies are automatically pushed using AWS’s ACL Manage tool, to help ensure these managed interfaces enforce the most up-to-date ACLs.
AWS has implemented network devices that are dedicated to managing interfacing communications with Internet service providers (ISPs). AWS employs a redundant connection to more than one communication service at each Internet-facing edge of the AWS network. These connections each have dedicated network devices. AWS’s data centers are state of the art, utilizing innovative architectural and engineering approaches.
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.
The ampEducator application runs in instances on virtual servers with a load balancer that determines (based on load) which server each user is assigned to. All clients share hardware simultaneously. AWS has Auto Scaling which allows us to automatically scale capacity up or down according to conditions we define, so that the number of instances we are using scales up seamlessly during demand spikes to maintain performance.
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
SLA requests are defined by 4 levels and are accepted from Clients 24 hours 7 days a week via Email Support Tickets. Business Hours are 8 AM to 8 PM EST Monday to Friday excluding US and Canadian holidays.
Urgent Level Service is "down" and there is a critical impact to your business operations. ampEducator will commit all necessary resources around the clock to resolve the situation.
High Level User experience and product performance is degraded and significant aspects of your business operation are negatively affected by inadequate performance of ampEducator. ampEducator will commit full-time resources to resolve the situation.
Medium Level Minor issues with specific product functionality or performance but key product features remain functional. ampEducator will commit resources during normal business hours to restore service to satisfactory levels.
Low Level Information or assistance is required with the ampEducator product including capabilities, installation, or basic configuration. There is little or no effect on your business operations.