This document contains information related to management of the DSI Cloud platform implementation including data retention, privacy and backup policy, restoration policy, disaster recovery, business continuity, and availability policy, change management policy, emergency change management in the cloud, and the alert policy.
Data Retention/Privacy and Backup Policy
Backups are an essential part of the operation of the DSI Cloud environment. DSI has provided the general policies listed below in relation to the use of backups with the DSI Cloud environment.
Note: DSI Reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.
What is being backed up?
DSI shall backup four (4) main data areas as set forth herein. They are each listed below and provide a description of the type of data, and how it is related to the overall solution. These data areas will be updated if any solution changes to the architecture are completed.
Table 1: Storage Type Definitions
Storage Type | Description | Highly Available |
Amazon S3 | This is a highly available data storage which holds the bulk of data in a MEP instance, changing frequently. This data is replicated across all availability zones in an Amazon Region | Yes / Replicated across multiple Availability Zones |
Amazon RDS | This technology is commonly referred to as database storage. DSI uses this data area to store each of the databases a customer would use within their tenant instance. This would include system databases for MEP system specific tables, along with middle-tier databases (one per environment defined in the instance). | Yes / Replicated across multiple Availability Zones |
Amazon EC2 / EBS | Each Amazon EC2 instance is the equivalent of a server. DSI uses Microsoft Windows Operating Systems on our EC2 instances that generally consist of 2 EBS drives. Each of these drives are backed up regularly. | Yes / Multiple servers load balanced across multiple Availability Zones |
MEP Instance Folder | The MEP instance folder contains the executables and DLL files for MEP, along with some instance configuration data. | Yes1 |
1The executables and DLL files are replicated during a maintenance window when the system applies patches or service packs. This data does not change on a daily basis.
How often is the data being backed up?
As each of the data areas are unique in how they operate, the appropriate backup frequency is different for each area. DSI shall backup that data in accordance with the frequencies and objectives listed in the table below.
Table 2: Backup Frequency
Storage Type | Frequency | Type | Recovery Point
Objective (RPO) |
Recovery Time
Objective (RTO) |
Amazon S3 | Daily | Full | 24 Hours | 15 Minutes |
Amazon RDS | Daily | Full | 24 Hours | Up to 2 Hours |
Amazon RDS | Continuously | Incremental | 5 Minutes | Up to 2 Hours |
Amazon EC2 / EBS | Maintenance Windows Only | Full | N/A | N/A |
MEP Instance Folder | Maintenance Windows Only | Full | N/A | N/A |
How long will DSI maintain the backups?
DSI believes that, in most cases, 7 days or 7 backups of all data is sufficient for recovery of data. The following table outlines the number of days or backups that DSI shall keep in relation to each storage type.
Table 3: Storage type retention day policy
Storage Type | Backup Retention Period |
Amazon S3 | 7 Days |
Amazon RDS | 7 Days |
Amazon EC2 / EBS | 4 Maintenance Windows |
Does DSI provide an extended data retention period for customers?
DSI will work with every customer to design a custom upon request data retention solution to meet their business needs. Additional charges for a custom data retention policy may apply.
What is the data retention period for application analytics?
DSI provides a cloud-hosted data warehouse to support application analytics for both cloud and on-premises deployments of DSI Platform. DSI will retain application and system events within the application analytics data warehouse for a period of twelve (12) months. Extended retention periods are available. Additional charges apply.
How does DSI Cloud support compliance and data residency requirements?
DSI employs a regional data center model for customers that have specific regional compliance or data residency requirements. DSI Cloud data hosting is based upon AWS Regions. A customer may select a preferred AWS Region for hosting their data; additional fees may apply and will be set forth in the order. DSI will not move or replicate customer content outside of the selected region except as formally requested by the customer, or as legally required.
Restoration Policy
Almost as important as the backup of the data is the way in which the data is stored and potentially restored. As such, DSI has provided the following information about the restoration of the data.
What triggers DSI to restore data?
There are several events listed below which could trigger a restore of all of the storage data types which have been backed up, or just a portion of those storage data types. DSI shall restore data types which have been backed up in accordance with the following tables listed below.
Table 4: Triggered Restoration
Event Type | Restoration Type | Recovery
Time |
Alert |
Change to system (MEP or AWS) which causes impact to multiple customers | Restore of S3, MEP Instance, or Snapshot data, or a combination of all 3 | 1 hour or less | Alerts will be sent out to master list of instance administrators for every instance affected |
Catastrophic failure of virtual server architecture | Generate new Servers | 4 hour or less | Alerts will be sent out to master list of instance administrators for every instance affected |
Database server architecture experiences a catastrophic failure | Restore database(s) to last known good configuration | 4 hour or less | Alerts will be sent out to master list of instance administrators for every instance affected |
Table 5: Customer Requested Restoration
Event Type | Information
Required From Customer |
DSI Operations
Restoration Actions |
Recovery Time
Objective (RTO) |
Alert |
Customer requested
restore of database |
Point in time for
restoration +/- 5 minutes |
Restore based
on customer specification |
24 hours or less | Alerts sent to
customer who requested restoration |
Customer requested
restore of deleted application |
IDs of Application
Studio objects to be restored |
Retrieval &
delivery of deleted file to customer |
24 hours or less | Alerts &
requested file(s) sent to customer who requested restoration |
Does DSI offer an off-site storage solution for customer specific data?
DSI has an offering to allow for off-site storage by leveraging AWS Glacier Storage. This can be configured to address the specific business requirements of the customer. Additional fees may apply.
Disaster Recovery, Business Continuity, and Target System Availability
Disaster Recovery is a term used in association with a catastrophic loss of the system being used, and how that system is restored to a working state. In order to provide a better understanding of the policy, we will go through the different areas of the system and provide information about the recovery process. Business Continuity is extremely important to the customers of DSI.
Note: DSI Reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.
What is the target system availability for the DSI Cloud environment?
DSI works to meet an availability level of 99.5% monthly for the production DSI Cloud service in each deployment region.
Disaster Recovery and the DSI Cloud
Disaster Recovery operations are meant to provide a method in which the system in use (DSI Cloud) can be brought back to a functional state after a disaster has occurred.
What qualifies as a disaster?
DSI considers any event which forces the main data center for the Amazon Web Services (AWS) Region into a non- functional state as a disaster.
What is DSI’s primary recovery mechanism in the event of a disaster?
DSI shall leverage AWS technologies to replicate dynamically changing data generated in the normal operating environment across AWS Regions. The current plan is an implementation of the warm site model, where production data is continuously read-replicated to a separate AWS Region, and minimal configuration is required to restore full functionality to the DSI Cloud environment.
What is DSI’s Recovery Time Objective (RTO)?
DSI shall implement and maintain a disaster recovery solution that utilizes multiple layers and leverages the Amazon Web Services technologies to provide for an RTO of 4 hours. DSI shall recover the entire DSI Cloud operating environment within 4 hours. If the recovery time will be longer than 4 hours, DSI shall promptly notify Customer thereof, and DSI’s Executive Management and Cloud Operations teams will consult and work with Customer to bring the DSI Cloud back to a functional state as soon as reasonably possible.
What is DSI’s Recovery Point Objective (RPO)?
While each customer has unique requirements for their RPO, DSI shall recover customer data to a point in time no less than 15 minutes prior to the disaster occurring. This RPO is achieved based on the current backup strategy.
Which data is part of the DSI Cloud environment and covered under the Disaster Recovery plan?
DSI shall backup three (3) main data areas as set forth in herein. They are each listed below along with a description of the type of data and how it is related to the overall solution. These data areas will be updated if any solution changes to the architecture are completed.
Table 6: Data Types included in DR Plan
Storage Type | Description | Replication Technology |
Amazon S3 (Dynamic) | This is a highly available data
storage holding the bulk of data in a MEP instance, which changes on a frequent basis. This data is replicated across all availability zones in an AWS Region within the DSI Cloud environment. |
AWS Cross-Region
replication for S3. |
Amazon RDS (Dynamic) | This technology is commonly
referred to as database storage. DSI uses this data area to store each of the schemas a customer would use within their tenant instance. This would include the system schema for MEP system tables along with middle-tier schemas (one per environment defined in the instance). |
AWS Cross-Region Read
replicas for RDS |
Amazon EC2 / EBS (Static) | Each Amazon EC2 instance is
the equivalent of a server. DSI uses Microsoft Windows Operating Systems on our EC2 instances that generally consist of 2 EBS drives. Each of these drives are backed up regularly. |
Replicated via Cross-
Region Snapshot Copy |
What would activate the Disaster Recovery Plan for DSI?
The decision to invoke the disaster recovery plan is the responsibility of DSI Executive Management, who will be receiving briefings from Cloud Operations team. If DSI reasonably believes the system will be operational in less than four (4) hours, based on information from AWS, then the Disaster Recovery Plan may not need to be invoked.
When does DSI switch back to the primary operation environment?
DSI shall revert back to the primary operation environment at the next normal maintenance window, unless there is an issue impacting a customer’s production status for which the solution would involve returning to the primary operation environment, in which case DSI shall use all its reasonable commercial efforts to revert back to the primary operation environment as soon as reasonably possible.
Change Management Policy
This section outlines the policies used by DSI to handle Change Management in association to the cloud environment.
Note: DSI Reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.
What is Change Management?
Change management within the scope for the DSI Cloud environment pertains to the following areas and will be provided at no additional charge to customers.
How is Change Management controlled within the DSI Cloud environment?
Is there a normal maintenance window for change management?
DSI will publish a schedule to all customers utilizing the DSI Cloud environment as soon as scheduled maintenance is required (“Scheduled Maintenance”). Scheduled Maintenance windows will be scheduled on Saturday nights (in the United States, Central Standard Time). Scheduled Maintenance does not occur every Saturday night. It is only scheduled as required and in accordance with the terms herein.
How long will an outage occur during Scheduled Maintenance?
DSI works to keep the Scheduled Maintenance windows as small as possible. Any Scheduled Maintenance window shall not exceed sixty (60) minutes.
Does DSI have a system of record for Change Management?
DSI Global Support uses a ticketing system to record all changes made to the DSI Cloud environment. This system is leveraged for both Scheduled Maintenance, and unplanned maintenance due to an emergency.
What is the method of notification that DSI uses to communicate maintenance in the system?
DSI utilizes email heavily for notification purposes. The notifications would go out to the administrators of the tenant instances hosted in the DSI Cloud environment. The notifications will include the following information:
If a change to a related system is required, where does one get those required files or changes?
DSI will include the location of any required updated files or changes to a customer portion of the DSI Cloud environment in the notification email. This is communicated to any customers PRIOR to the maintenance window, and documentation on how to update said customer systems will be provided.
Emergency Change Management in the Cloud
This type of change management outlines steps which may need to be taken in the event of an emergency update to the DSI Cloud environment. DSI goes to every effort to test any and all changes in a test system prior to making changes to the production system.
Note: DSI Reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.
What qualifies for emergency change management?
What does not qualify for emergency change management?
What is the notification method for emergency change management?
DSI shall notify customers of emergency change management by both email and phone as set forth below.
Method 1:
DSI utilizes email heavily for notification purposes. The notifications would go out to the administrators of the systems hosted in the DSI Cloud environment. The notification would include the following information:
Method 2:
DSI Global Support will make phone calls to instance administrators registered in the system with DSI and provide the following information verbally.
How is the emergency change documented?
DSI will use the same ticketing system used for Scheduled Maintenance windows to document any emergency changes to the DSI Cloud environment.
Who authorizes emergency changes in the system?
DSI Cloud operations staff will communicate to the Executive Management over Global Services and Support along with Senior Management over Development for authorization.
Alert Policy
This policy defines the different events that will trigger alerts to the DSI Cloud operations team and what those alerts will trigger within the operations team.
Note: DSI Reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.
Alert Types
Configured Alerts
What is the delivery mechanism for the configured alerts?
DSI leverages multiple technologies to deliver alerts including SMTP, SMS and phone. These alerts are delivered to our Global Support Center which operates twenty-four (24) hours a day, seven (7) days a week, 365 days a year. Depending on the alert type, appropriate action is taken by the Global Support Center.