Talis - Data Protection and Privacy Policy can be viewed here.
Data Security
We host the Talis Aspire application servers and databases on dedicated instances secured behind firewalls configured and managed by our industry-leading hosting providers, Amazon Web Services. All Talis Aspire data is hosted within the EU and all customer data is partitioned for security and easy retrieval, enabling both the University and Talis to meet their respective obligations under the Data Protection Act and relevant EU Directives.
All data is processed by Talis itself, using only external entities for hosting services. There is a regular programme of external security testing, including attempts to access any personal data. For security reasons, including protecting the interests of other customers, Talis does not make security audit reports available to any third party including customers. Any incidents or suspected breaches would be promptly reported as required by the legislation and good practice.
Talis Aspire does not store any passwords. Where client keys and secrets are used for access to APIs, these are stored encrypted. Client keys and secrets will be revoked if necessary.
Data access is only authorised to Talis personnel as part of their job role. Employee security policies ensure that any production data including personal data used for testing and debugging is short-lived outside of the production environment.
Hardware security and high availability
All our products use HTTPS connections to transfer all data outside our own network. Where data is travelling through a network under our control they are zoned and firewalled so that only specific servers have access to other services.
Talis Aspire is designed to ensure that underlying cloud hardware failures do not impact the availability of Talis Aspire. We use independent third-party service providers located around the globe to monitor and report on the availability of Talis Aspire Reading Lists and Talis Aspire Digitised Content. Up to date reports on the availability of Talis Services are always available publicly here:
In summary, the last 6 months has seen greater than 99.99% uptime.
When service is impacted we perform a post-mortem on each occurrence to ascertain whether or not there is a weak link in our infrastructure. An example from August 2013 was some downtime we incurred early on a Saturday morning due to an issue at our DNS hosting supplier, which was beyond our control. Within the following few days, we migrated the service to a more reliable supplier to ensure the service was less susceptible to a repeat incident of this type.
Disaster recovery
Talis Aspire services are highly available throughout their design. Disaster Recovery procedures are in place with an achievable ability of zero data loss. Our RTO for a serious major outage would be next business day. We implement both a backup and offsite transaction log strategy, this provides an RPO of just before a major disaster scenario.
Disaster Recovery procedures are tested on a regular basis to ensure that all systems perform as expected.