We host the Talis Aspire application servers and databases on dedicated machines secured behind firewalls configured and managed by our industry-leading hosting providers, Rackspace and Amazon AWS. All Talis Aspire data is hosted in the EU and all customer data is partitioned for security and easy retrieval, enabling both the University and Talis to meet their respective obligations under the Data Protection Act and relevant EU Directives.
All data is processed by Talis itself, using only external entities for hosting services. There is a regular programme of external security testing, including attempting to access any personal data. For security reasons, including protecting the interests of other customers, Talis does not make security audit reports available to any third party including customers. Any incidents or suspected breaches would be promptly reported as required by the legislation and good practice.
Talis Aspire does not store any passwords. Where client keys and secrets are used for access to APIs, these are stored encrypted. Client keys and secrets will be revoked if necessary.
Hardware security and high availability
All our products use HTTPS connections to transfer all data outside our own network. Where data is travelling through a network under our control they are zoned and firewalled so that only specific servers have access to other services.
We mitigate hardware failures in two ways - by making sure servers are fully redundant (this means if one machine fails there is a replica to take its place without downtime) and via the 1 hour hardware replacement SLA we have in place with our hosting provider.
We use independent third party service providers located around the globe to monitor and report on the availability of Talis Aspire Reading Lists and Talis Aspire Digitised Content. Up to date reports on the availability of Talis Services are always available publicly here:
In summary the last 6 months has seen greater than 99.99% uptime.
When downtime does occur we perform a post-mortem on each occurrence to ascertain whether or not there is a weak link in our infrastructure. An example from August 2013 was some downtime we incurred early on a Saturday morning due to an issue at our DNS hosting supplier, which was beyond our control. Within the following few days we migrated the service to a more reliable supplier to ensure the service was less susceptible to a repeat incident of this type.
Talis Aspire services are highly available throughout their design. Disaster Recovery procedures are in place with an achievable ability of zero data loss. Our RTO for a serious major outage would be next business day. We implement both a backup and offsite transaction log strategy, this provides an RPO of just before a major disaster scenario.
Disaster Recovery procedures are tested on a regular basis to ensure that all systems perform as expected.