Operational Resilience, Risk Management, & Incident Response

Files.com is built for operational resilience. Risk management, incident response, business continuity, and disaster recovery are all governed by formal programs that are reviewed annually as part of our SOC 2 Type II audit.

Risk Management Program

Files.com maintains a formal Risk Management Program based on the COBIT 5 framework. The program identifies, assesses, and mitigates risks across all areas of the business through:

  • Ongoing risk assessments
  • A centralized Risk Register
  • Risk treatment and mitigation planning
  • Executive-level oversight and review

The Risk Register documents the likelihood and impact of risks to the confidentiality, integrity, and availability (CIA) of assets. The register is reviewed regularly and informs updates to our controls, business practices, and strategic decisions.

Risk Assessments

Files.com conducts formal risk assessments at least annually. The assessments evaluate technical, operational, and organizational risks, include input and oversight from senior leadership, and directly inform improvements to our controls and security posture.

Assessment results are documented in the Risk Register and guide strategic priorities across the organization.

Business Impact Analysis (BIA)

Files.com performs a Business Impact Analysis to assess the potential impact of service disruptions and define recovery objectives. The analysis establishes internal benchmarks for:

  • Maximum Tolerable Downtime (MTD)
  • Recovery Time Objective (RTO)
  • Recovery Point Objective (RPO)

These benchmarks guide infrastructure design and operational response.

Business Continuity and Disaster Recovery (BC/DR)

The Files.com platform is designed to continue operating through a wide range of disruptions. Our BC/DR procedures are formally tested at least annually, including simulations of scenarios such as ransomware attacks. Senior leadership reviews the test results and uses them to improve preparedness.

The results of these tests are not shared externally. The effectiveness of the Business Continuity Program is reviewed annually as part of our SOC 2 Type II audit.

Workforce Continuity

Files.com maintains a workforce continuity plan that supports operations during physical disruptions. Employees at our Scottsdale, AZ and Austin, TX offices are fully equipped to work remotely, and Files.com operated as a fully remote company during the COVID-19 pandemic. A separate management continuity plan covers operational leadership.

Incident Response Program

Files.com maintains a formal Incident Management Program that includes:

  • An Incident Handling Policy
  • Incident identification and alerting guidelines
  • A dedicated Incident Management Team (IMT)
  • Role-specific training for IMT members
  • Regular testing of incident response procedures

All employees and internal contractors are trained on incident response procedures during onboarding and receive refresher training at least annually. The IMT receives additional role-specific training on the same cadence. Every incident is documented, investigated, and followed by root cause analysis and remediation.

Incident Reports

Files.com provides incident reports on request for customer-impacting incidents. Reports include the root cause, remediation actions taken, and preventive measures.

Breach Notification

Files.com has never experienced a data breach. No vendor-related breach has ever impacted the Files.com platform or its customers.

If a breach occurs, Files.com will notify affected customers using the official contact information on file, in accordance with applicable laws and regulations. If you have specific breach notification requirements, we will review them and commit to them on a case-by-case basis. Reach out to your Account Manager to begin that discussion.

High Availability and Redundancy

The Files.com platform tolerates the failure of any single data center without service disruption. Our infrastructure runs across multiple AWS Availability Zones and includes:

  • Redundant infrastructure across zones
  • Dual dedicated IP configurations in separate zones
  • Amazon Aurora databases with multi-zone hot backups

Customers who purchase dedicated IPs from Files.com receive two separate IPs, each hosted in a distinct Availability Zone.

Monitoring and Alerting

Files.com uses real-time infrastructure and application monitoring tools, including PagerDuty, Sensu, and Sentry. These systems automatically alert the Incident Management Team when predefined thresholds are met.

Scheduled Maintenance

The Files.com architecture supports zero-downtime maintenance. All maintenance activities are logged and tracked, and Files.com has never required taking production systems offline for scheduled maintenance.

If downtime is ever required for future maintenance, it will be scheduled on a weekend day and announced at least two weeks in advance.