Relevant findings are documented and tracked until resolution. Our Disaster Recovery Plan (DRP) addresses both durability and availability disasters, which are defined as follows. A durability disaster consists of one or more of the following: ● A complete or permanent loss of a primary data center that stores metadata, or of multiple data centers that store file content ● Lost ability to communicate or serve data from a data center that stores metadata, or from multiple data centers that store file content An availability disaster consists of one or more of the following: ● An outage greater than 10 calendar days ● Lost ability to communicate or serve data from a storage service/data center that stores metadata, or from multiple storage services/data centers that store file content We define a Recovery Time Objective (RTO), which is the duration of time and a service level in which business process or service must be restored after a disaster, and a Recovery Point Objective (RPO), which is the maximum tolerable period in which data might be lost from a service disruption. We also measure the Recovery Time Actual (RTA) during Disaster Recovery testing, performed at least annually. RELAYTO incident response, business continuity, and disaster recovery plans are subject to being tested at planned intervals and upon significant organizational or environmental changes. In the event of a disaster, the estimated time for resumption of the Customer’s services for RTO is 12 hours and RPO is 30 minutes with a guaranteed maximum time for resumption of 12 hours. Disaster recovery backups are encrypted using the AES-256 protocol. Can we restrict individual user access to specific documents? Yes. Private documents require the user to be authenticated & authorized before accessing a document. Author/publisher have access control settings to give access only to certain user accounts. Are the Personally Identifiable Information and other data encrypted at rest? Yes, Encryption-at-rest is automated using AWS's transparent disk encryption, which uses industry-standard AES-256 encryption to secure all volume (disk) data. All keys are fully managed by AWS. 44 of 54