Skip to main content

Operational Resilience, Risk Management, & Incident Response

Files.com is built for operational resilience. This article outlines our approach to risk management, incident response, business continuity, and disaster recovery. These practices are reviewed annually as part of our SOC 2 Type II audit.

Risk Management Program

Files.com maintains a formal Risk Management Program based on the COBIT 5 framework. This program is designed to continuously identify, assess, and mitigate risks across all areas of the business. Key components include:

  • Ongoing risk assessments
  • A centralized Risk Register
  • Risk treatment and mitigation planning
  • Executive-level oversight and review

The Risk Register documents the likelihood and impact of risks related to the confidentiality, integrity, and availability (CIA) of assets. This register is reviewed regularly and informs updates to our controls, business practices, and strategic decisions.

Risk Assessments

Files.com conducts formal risk assessments at least annually. These assessments:

  • Evaluate technical, operational, and organizational risks
  • Include input and oversight from senior leadership
  • Directly inform improvements to our controls and security posture

Assessment results are documented in the Risk Register and guide strategic priorities across the organization.

Business Impact Analysis (BIA)

Files.com performs a Business Impact Analysis (BIA) to assess the potential impact of service disruptions and define recovery objectives. This process establishes internal benchmarks for:

  • Maximum Tolerable Downtime (MTD)
  • Recovery Time Objective (RTO)
  • Recovery Point Objective (RPO)

These benchmarks guide infrastructure design and inform operational response strategies to ensure resilience.

Business Continuity & Disaster Recovery (BC/DR)

Files.com is designed for continuity of operations during a wide range of potential disruptions. Our BC/DR procedures are formally tested at least annually, including simulations of complex scenarios such as ransomware attacks. Test results are reviewed by senior leadership and used to enhance preparedness.

While the results of these tests are not shared externally, the effectiveness of our Business Continuity Program is reviewed annually as part of our SOC 2 Type II audit.

Workforce Continuity

Files.com maintains a workforce continuity plan to support ongoing operations in the event of physical disruptions. Employees at our Scottsdale, AZ and Austin, TX offices are fully equipped to work remotely. Files.com operated as a fully remote company during the COVID-19 pandemic. A separate management continuity plan is maintained to ensure operational leadership in all circumstances.

Incident Response Program

Files.com maintains a formal Incident Management Program that includes:

  • An Incident Handling Policy
  • Incident identification and alerting guidelines
  • A dedicated Incident Management Team (IMT)
  • Role-specific training for IMT members
  • Regular testing of incident response procedures

All employees and internal contractors are trained on incident response procedures during onboarding and receive refresher training at least annually. The IMT receives additional, role-specific training on the same cadence. All incidents are documented, investigated, and followed by root cause analysis and required remediation.

Incident Reports

Files.com may provide incident reports upon request for customer-impacting incidents. Reports include the root cause, remediation actions taken, and preventive measures.

Breach Notification

Files.com has never experienced a data breach. No vendor-related breach has ever impacted the Files.com platform or its customers.

In the event of a breach, Files.com will notify affected customers using the official contact information on file, in accordance with applicable laws and regulations.

High Availability & Redundancy

The Files.com platform is designed to tolerate the failure of any single data center without service disruption. Our infrastructure leverages multiple AWS Availability Zones and includes:

  • Redundant infrastructure across zones
  • Dual dedicated IP configurations in separate zones
  • Amazon Aurora databases with multi-zone hot backups

Customers who purchase dedicated IPs from Files.com receive two separate IPs, each hosted in a distinct Availability Zone for redundancy.

Monitoring & Alerting

Files.com uses real-time infrastructure and application monitoring tools, including PagerDuty, Sensu, and Sentry. These systems automatically alert the Incident Management Team when predefined thresholds are met.

Scheduled Maintenance

Files.com’s architecture supports zero-downtime maintenance. All maintenance activities are logged and tracked. Files.com has never required taking production systems offline for scheduled maintenance.

If downtime is ever required for future maintenance, it will be scheduled on a weekend day and announced at least two weeks in advance.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial