
Incident Response & Risk Management

Files.com has an Incident Management Program that includes an Incident Handling Policy, Incident Identification Guideline, Incident Alert Procedure, Incident Management Plan and an Incident Management Team. Incident Response is one phase of the Incident Management Plan. Employees and internal contractors receive training on the Incident Management Program as part of the Onboarding process and receive refresher training at least annually. The Incident Management Team receives more in-depth training specific to their roles and responsibilities and receives refresher training at least annually.

Files.com has never suffered a breach, though Incident Management is regularly invoked for smaller incidents, such as customer-impacting availability issues. Files.com conducts regular tests and applies the lessons learned to improve the Incident Management Program. All incidents are tracked and documented, including the root cause and any additional required remediation.

Files.com is often able to provide an Incident Report on specific incidents when requested by customers.

Incident Management is reviewed as part of the SOC 2 Audit process. Files.com InfoSec Program documentation includes proprietary information and is not provided to customers. Please reference our latest SOC 2 report for more details.

Past Breaches

Files.com has not been breached. No Files.com vendor has suffered a data loss or security breach that has impacted Files.com.

Breach Notification

In the unlikely event of a breach, Files.com will notify impacted customers using an official contact method on file, subject to any applicable laws and regulations.

Evidence Collection

Files.com handles evidence identification and collection as part of the Incident Management Program.

Risk Management Program / Risk Assessment / Risk Analysis

Files.com has a formal Risk Management Program based upon the COBIT 5 Framework, and conducts risk assessments at least annually. A centralized Risk Register is maintained that documents the likelihood and impact of compromise of the CIA Triad on all assets. The status of the Information Security Program is reviewed as part of this process. Senior Management is included in the risk assessment process, including providing key oversight of the Risk Register. The results from the risk assessment process (risk treatment options) drive improvements in controls, countermeasures, processes and business decisions, resulting in lower overall risk to the organization.

Vendor Risk Management Program

Files.com has a Vendor Risk Management program in place, which is part of the larger Risk Management Program. Vendors deemed Critical to the organization have their security documentation reviewed at least annually.

Business Continuity / Disaster Recovery - Service Operations

Files.com is designed for continuity of function in a variety of disaster scenarios.

The Files.com service is designed for High Availability.

Files.com conducts regular tests of its Business Continuity and Disaster Recovery procedures (including ransomware testing) at least annually. Results of testing are reviewed by senior management as part of the Risk Management Program.

As part of its Business Continuity Planning, Files.com maintains a list of alternate vendors who could replace key vendors if a key vendor were to become unusable for any reason. Based upon a Risk Assessment, Files.com does not currently believe there to be a material risk of this in any of its key vendors.

Files.com does not share the results of Business Continuity / Disaster Recovery testing; however, Business Continuity (including testing) is reviewed as part of the SOC 2 Audit process.

Business Continuity - People / Company Operations

Files.com is designed for continuity of function in a variety of disaster scenarios.

Files.com demonstrated during COVID-19 an ability to operate successfully with a fully remote workforce for an extended period of time.

All Files.com employees located at our two physical offices in Scottsdale, AZ and Austin, TX would work from home should an incident/disaster occur.

Files.com also has a management continuity plan.

Maximum Tolerable Downtime, Recovery Time Objective and Recovery Point Objectives

Files.com maintains different internal Maximum Tolerable Downtime (MTD), Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for different components of the Files.com service offering. These timeframes are derived from the Business Impact Analysis (BIA) process, which is reviewed at least semi-annually.

DDoS Mitigation

Files.com uses sophisticated strategies for DDoS Mitigation, including the use of proxy servers that sit in front of application servers.

High Availability

The Files.com service is designed for High Availability.

Our service is designed to withstand the loss of any single datacenter location with no impact whatsoever to the service. We operate redundant server instances in multiple datacenter locations ("Availability Zones") for every service in every region.

Every customer who purchases a dedicated IP from Files.com actually receives two separate IPs that are hosted on separate infrastructure in separate datacenter locations ("Availability Zones").

We use Amazon Aurora for primary storage of customer metadata. Within Amazon Aurora, we operate multiple hot-backup servers across multiple Availability Zones.

Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones. By launching instances in separate Availability Zones, applications are protected from the failure of a single location.

Infrastructure Monitoring and Application Monitoring

Files.com has extensive infrastructure and application monitoring capabilities. Technologies used for monitoring include PagerDuty, Sensu, Sentry, and more.

Our monitoring systems will page and alert our Incident Management Team under a number of different scenarios requiring an alert. Our Incident Management Team will respond immediately to these alerts.

Scheduled Maintenance

Due to its High Availability design, Files.com has never in the past had to take down production systems to perform system maintenance. All system maintenance and activities are logged.

If any downtime is required for maintenance in the future, it will be scheduled for a Saturday or Sunday and announced 2 weeks in advance.
