Scope
This policy covers the management practices that Data Systems International, Inc. and its subsidiaries and affiliates (collectively “DSI” or “we”) employ when providing Cloud Inventory® services and support to our customers ("you" or "your"). DSI established this policy to inform you of our practices of the Cloud Inventory® infrastructure and applications, including data retention, service levels, privacy, backup, restoration, disaster recovery, availability, change management, and the alert policy.
Multi-Tenant Environment
When using multi-tenant environment, Company environments and data are logically separated from other company’s data.
Service Level Agreement
Cloud Inventory® works to meet an availability level of 99.5% monthly for the Production instance in each deployment region.
Cloud Environment Configurations
Environments maintained in the cloud are configured to security specifications as maintained in internal policies and supporting procedures.
Changes to security configurations are governed and must be approved by the change management process.
Any APIs used to support interoperability and migrating applications should be open and published.
Virtual Private Clouds (VPC) are implemented where appropriate. ACLs are utilized to ensure:
A VPC cannot communicate with another customer VPC.
Assets within a VPC communicate only with other assets on an as needed basis.
Cloud computing application development must be designed and implemented to address the OWASP Top Ten application vulnerabilities at a minimum.
Authentication protocols must meet Company standards for user IDs and passwords. User and authentication management must use accepted standards and technologies for authentication access and integration with cloud service providers. This includes the use of federated identity management when available.
Authorization controls must be able to either permit or limit access based on what is permissible for a specific user or administrator to access.
Expectations defining responsibility for maintaining configurations, granting access, monitoring, notification, and reporting must be defined contractually and through SLAs. Contracts, SLAs, and policies and procedures are reviewed on a periodic basis and updated as needed. Access to change cloud configurations is considered privileged access.
Data Retention, Backup, and Deletion
Backups are an essential part of the operation of Cloud Inventory®. Cloud Inventory® has provided the general policies listed below in relation to the use of backups with Cloud Inventory®.
Cloud Inventory® will implement a backup procedure that will:
Generate up-to-date copies of data that can be recovered if systems are damaged by or during a disaster or other emergency.
Complete periodic testing of its restoration procedures for systems to confirm the effectiveness of those procedures and that the data can be restored in the time set forth in the covered component’s Disaster Recovery Plan.
Document the retention period for backup media that contain backup copies of data.
Store backup copies of data, complete records of the backup copies, and document restoration procedures in a remote and secure location, within sufficient distance from the site.
Provide access to authorized workforce members for timely retrieval of the backup information stored at the remote location.
Perform configuration backups shall be performed periodically for production network devices. The backup of configuration settings shall be performed prior to any significant network configuration changes.
Data Included in this Backup Policy
There are four main areas that are classified in the Cloud Inventory® data retention procedures. They are listed below with a description of the type of data, and its relation to the overall Cloud Inventory® solution.
Table 1: Storage Type Definitions
*The executables and DLL files are replicated during a maintenance window when the system applies patches or service packs. This data does not change on a daily basis.
Backup Frequency
Each of the storage types are unique in how they operate, and the appropriate backup frequency is different for each area. Frequency is defined below:
Table 2: Backup Frequency
Backup Retention
The following table outlines the number of days or number of backups which are kept in relation to each storage type:
Table 3: Storage type retention day policy
Any additional retention requirements are addressed as an exception to this policy on a per-client basis.
Analytics Data Retention
Cloud Inventory® provides a cloud-hosted data warehouse to support application analytics. Cloud Inventory® will retain application and system events within the application analytics data warehouse for a period of 12 months.
Any additional retention requirements are addressed as an exception to this policy on a per-client basis.
Data Deletion
Cloud Inventory® will delete customer data (application data, files, and database) within the time period specified by the published Cloud Services Terms & Conditions. Exceptions may be granted where required by law.
Disaster Recovery Recovery Time Objective
DSI has implemented a disaster recovery solution that uses multiple layers and leverages the Amazon Web Services technologies to provide an RTO of 2 hours.
Recovery Point Objective
While each customer has unique requirements for their RPO, DSI can recover client data to a point in time no more than 15 minutes prior to the disaster occurring.
Data Types included in Cloud Inventory® Disaster Recovery
Table 4: Data Types included in DR Plan
Maintenance Windows Schedule
DSI will publish a schedule to all Cloud Inventory® customers as soon as maintenance is required. All non-emergency maintenance windows will occur on Saturday nights (local time) once per month. Notifications are sent two weeks prior to planned maintenance window. Scheduled maintenance windows will never occur at the end of the month.
Duration
DSI works to keep the maintenance windows as short as possible. Depending on the maintenance being applied to the system, the typical maintenance window will range from 30 minutes to two hours.
Communication
DSI uses email for maintenance notification purposes. Notifications will be sent to the Cloud Inventory® Administrator(s) on file. The notifications will include the following information:
Scheduled Maintenance Date/Time (time zone specific)
Expected outage window (duration)
Description of the maintenance taking place
Information related to any customer required changes that may need to occur prior to or after maintenance to the Cloud Inventory® environment. These may include:
Gateway Server Updates
Mobile Client Updates
Core system updates
Emergency Maintenance
In the event an emergency maintenance window is necessary, all Cloud Inventory® Administrator(s) will be notified via email.
Effective August 2025, Version 3.0
Customer Support