- Data Security
- Your data is very important to you and to us. We take very seriously our responsibility to give you secure, convenient, fast and reliable access to your database. This document describes everything we have implemented to ensure that.
We host your data on our own servers at Rackspace.com. Rackspace is a world-class data center provider; our servers are located in their Chicago data center.
Only authorized employees at Rackspace have physical access to the servers.
Private Managed Cloud¶
Rackspace manages a set of dedicated servers for our account. We do not share any resources with any other Rackspace customer, other than their 50 Gb backbone to the Internet. We have two 16-processor servers, a firewall, and a load balancer in our managed cloud. Rackspace monitors all of our critical services and has 24/7 support.
- Pro-Active monitoring
- Rackspace pro-actively monitors all of our hardware for potential problems. For example, they notified us that one of the disks in our RAID 10 configuration appeared to show early warning signs of a potential failure. They notified us, and hot-swapped the disk drive with no disruption in service.
- Fast response to issues
- Another time, on a Sunday morning around 11:00, we had a lot of errors connecting to our database server. It turned out that we had allocated 100% of the memory to the database. This had worked for a number of years with no problems and made our data access very fast. However, memory usage reached a critical point where the database was starving the OS. We worked with Rackspace over the phone and, in 30 minutes, reconfigured the memory, rebooted the server and resolved the problem.
- Rackspace Service Level Agreement
- Because we use Rackspace's Dedicated / Managed Hosting service, we have a Service Level Agreement with Rackspace. A Service Level Agreement does not prevent disasters or mistakes, but it does motivate a service provider to provide outstanding service by giving them “skin” in the game.
- Disaster Recovery
Our plan for disaster recovery is built entirely around the cloud. We have no infrastructure of our own. We are software developers and software support analysts. Our expertise is not in networking, hardware or any other IT infrastructure issue. As such, we outsource all of this expertise to various companies in the cloud. This is a critical component of our disaster recovery plan:
- Host everything in the cloud
- Use multiple service providers (best of breed)
- Be agile and as agnostic as possible about which service we use.
For example, we use the following cloud services:
- Rackspace (for hosting of our data and web servers)
- SendGrid (for email)
- GitHub (for hosting all of our source code and documentation)
- WordPress.com (for our blog)
Our disaster recovery plan is as follows:
- Establish accounts at a new cloud provider.
- Move all backups to this provider.
- Install software on this new provider.
- Point our DNS to this new provider.
- Finish this whole process in under six hours.
We have actually tested our Disaster Recovery Plan in a real live situation. See A Disaster Recovery Story.
One of our servers is a hypervisor with three virtual web servers. These web servers sit behind a load balancer which randomly routes each request to one of the three servers. The advantage of this configuration is that we can publish new features and bug fixes at any time, even while activity is high.
We do this by taking each web server in turn out of the load balancer rotation. This makes it safe to update the server, since it is effectively out of service. While each server is updated with new software, the other two handle the requests. Our build and publishing process is automated.
Secure Sockets Layer¶
We have a wildcard SSL certificate which secures all traffic between our web server and your browser. This means that all data is encrypted over the wire. No hacker can “sniff” your data and see what you are sending and receiving. If you are sitting in Starbucks working on your church management system, you don’t have to worry about someone stealing important information over the network.
Obviously, this does not protect you from someone looking over your shoulder. The most dangerous and effective hackers do not use code or hardware to get your data; they use social hacking (social engineering) techniques.
- Main Backup Plan
- Your database is backed up daily at 1:00 AM.
- We copy your backup to a separate cloud files infrastructure.
- We keep daily backups for the first month.
- Then we keep weekly backups for the next 8 weeks.
- After that we keep monthly backups.
The weekly backups are the Wednesday backup. The monthly backups are the first Wednesday of the month.
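The retention rule above (nightly backups for the first month, then the Wednesday backup for eight weeks, then the first Wednesday of each month) can be written as a pruning policy. The following is an added example written for this page, not TouchPoint's own backup code; where the text gives no exact figure it assumes a "month" of 30 days and the eight weekly slots as 56 days.

```python
"""Backup retention policy for the Main Backup Plan, as an illustrative example.
Assumptions (not stated on the page): a 'month' is 30 days; the weekly
window is 8 * 7 = 56 days after that."""
from datetime import date, timedelta
from typing import Optional, Union

WEDNESDAY = 2                            # date.weekday(): Monday == 0
DAILY_WINDOW = 30                        # every nightly backup is kept this long
WEEKLY_WINDOW = DAILY_WINDOW + 8 * 7     # then Wednesdays only, for 8 more weeks


def _as_date(d: Union[date, str]) -> date:
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def retention_tier(backup_day: Union[date, str], today: Union[date, str]) -> Optional[str]:
    """Return the tier that keeps this backup ('daily', 'weekly', 'monthly'),
    or None if the policy says it can be deleted."""
    backup_day, today = _as_date(backup_day), _as_date(today)
    age = (today - backup_day).days
    if age < 0:
        raise ValueError("backup dated in the future")
    if age <= DAILY_WINDOW:
        return "daily"
    if backup_day.weekday() != WEDNESDAY:
        return None                      # past the daily window only Wednesday backups survive
    if age <= WEEKLY_WINDOW:
        return "weekly"
    if backup_day.day <= 7:              # the first Wednesday of its month
        return "monthly"
    return None


def prune(backup_days, today):
    """Split a collection of backup dates into (keep, delete) lists, oldest first."""
    keep, delete = [], []
    for d in sorted(_as_date(x) for x in backup_days):
        (keep if retention_tier(d, today) else delete).append(d)
    return keep, delete


if __name__ == "__main__":
    # Constructed sample: 119 consecutive nightly backups ending yesterday.
    today = date(2024, 6, 14)
    nightly = [today - timedelta(days=n) for n in range(1, 120)]
    keep, delete = prune(nightly, today)
    print(f"keep {len(keep)}, delete {len(delete)}")
    for d in keep:
        print(d, retention_tier(d, today))
```

A practical check when running this against a real backup store is to compare the `delete` list with what the store actually removed; a retention job that silently keeps too little (or too much) is only discovered when a restore is needed.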
- Image Backup Plan
- The image database can be much larger than the main database but has less critical data.
- Your image database is backed up daily at 1:00 AM.
- We keep the most recent backup on our database server.
- Each Saturday, we copy the most recent image backup to the cloud files infrastructure.
Your backups are stored in a separate location from the database server. At any point in time, your data is in three different places:
- The live database on our database server
- The last night’s backup file on our database server.
- Multiple versions of your data, including last night’s backup, on our Cloud Files account at a different server facility, but still in the Rackspace data center.
Backups on your own Rackspace Account¶
As stated above, backups for all churches are stored in a separate location from the database server. However, if you are interested, we can write your database backups to your own Rackspace Cloud Files account. These would be produced on the same scheme as the Main Backup plan above. This allows you to download the previous night’s backup of your own data to your own computers on a daily basis. You can even use an automated download script that runs as a scheduled task.
This gives you two advantages:
- You can be confident that your data can be restored even in the event of a disaster at our data center.
- You can write your own custom reports to analyze your own database. Obviously, this requires your own report-writing tools and expertise.
This does require some work and setup on your part, but the cost is very low for an off-site storage plan for your data.
Here’s what you need to do if you want this service:
- Contact Rackspace and create an account for your church.
- After you’ve done that, create a support ticket and let us know you have an account and provide us with the username and the API key from Rackspace.
Users in TouchPoint have different roles and privileges. This ranges from
- a MyData account for a normal member of your church who can only see his own family and edit some basic information
- to a Lay Leader who is able to access only the people he or she leads
- to a Staff Minister who can see everybody’s record
- to a Ministry Coordinator who can edit and add new records
- to an Administrator who can add users, roles, control settings, and do mass updates
- to a Finance person who can manage and enter all contribution data
See New Users And Roles for more information about roles and the security they provide.
Your Own Database¶
Every church client in TouchPoint has its own separate database. Even though all churches share the same web servers, each church’s data is isolated from all other churches.
Credit Card Data and SS#s¶
We provide integration with Sage Payments, Authorize.Net and TransNational to allow you to set up online giving and other fee-based registrations. We do not store any Credit Card or Bank Account information on our servers. A user can save his payment information, but we put it in a secure Vault service through one of these gateways. We cannot even see the information. All we can do is issue transactions on this saved payment data.
The only time we ever store Social Security Numbers is when you do a background check using our integration with Protect My Ministry. Even then we encrypt the SS# in such a way that even with physical access to the database, you would not be able to retrieve the SS#.
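The property described above, that a copy of the database alone does not reveal the SS#, comes from keeping the encryption key outside the database, in the application. The following added example illustrates that separation; it is not TouchPoint's code, and the cipher it uses (an HMAC-SHA256 keystream with an encrypt-then-MAC tag, built from the standard library so it runs anywhere) stands in for the vetted AEAD, such as AES-GCM from a cryptography library, that production code should use. The master key, the `background_checks` table and the sample SS# are all constructed for the example.

```python
"""Field-level encryption for an SSN column with the key held by the
application, not the database. Illustrative example; use a vetted AEAD
(e.g. AES-GCM) in production rather than this stdlib-only construction."""
import base64
import hashlib
import hmac
import secrets
import sqlite3

NONCE_LEN = 16
TAG_LEN = 32


def _derive(master_key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC sub-keys from one master key."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a pseudorandom keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_ssn(ssn: str, master_key: bytes) -> str:
    """Return base64(nonce || ciphertext || tag); a fresh nonce per record."""
    enc_key, mac_key = _derive(master_key, b"ssn-enc"), _derive(master_key, b"ssn-mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    pt = ssn.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return base64.b64encode(nonce + ct + tag).decode()


def decrypt_ssn(token: str, master_key: bytes) -> str:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    enc_key, mac_key = _derive(master_key, b"ssn-enc"), _derive(master_key, b"ssn-mac")
    blob = base64.b64decode(token)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered with or wrong key")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return pt.decode()


def store_and_dump(ssn: str, master_key: bytes):
    """Store the encrypted SSN in a constructed in-memory SQLite table and
    return every row, i.e. exactly what someone holding the database file sees."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE background_checks (person_id INTEGER, ssn_enc TEXT)")
    db.execute("INSERT INTO background_checks VALUES (?, ?)", (42, encrypt_ssn(ssn, master_key)))
    return db.execute("SELECT * FROM background_checks").fetchall()


def dump_contains_ssn(ssn: str, master_key: bytes) -> bool:
    """True if the raw table contents expose the plaintext SSN (they should not)."""
    return any(ssn in str(row) for row in store_and_dump(ssn, master_key))


if __name__ == "__main__":
    # Constructed demo key; a real deployment loads it from a KMS/HSM or a
    # secrets store, never from the same database it protects.
    key = secrets.token_bytes(32)
    sample = "123-45-6789"                # constructed, not a real SSN
    print(store_and_dump(sample, key))   # only base64 ciphertext is visible
    print("plaintext exposed:", dump_contains_ssn(sample, key))
```

The useful test of such a design is the one `dump_contains_ssn` performs: take the database as an attacker with disk access would have it and confirm the sensitive value is not recoverable without the application's key. Losing that key makes the stored values unrecoverable for you as well, so key backup and rotation belong in the same plan as the database backups above.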