Hosting Last updated 2 Feb 2018
At Appraisd, the security of your data is paramount. That's why we've
chosed Microsoft Azure in the UK as our hosting provider. Except for
where our sub-processors are involved,
all of your data is stored in Microsoft Azure in the UK.
Azure meets a broad set of international and industry-specific
compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC
2, as well as country-specific standards, such as Australia IRAP, UK
G-Cloud and Singapore MTCS. Rigorous third-party audits, such as by
the British Standards Institute, verify Azure’s adherence to the
strict security controls these standards mandate.
Here's some more information on how we use Azure:
We use Azure services in the UK for all personally identifiable
information storage that's processed by the Appraisd application.
Application data (reviews, users, feedback, objectives etc) is
stored in an Azure SQL DB. We use TDE to encrypt the data at rest,
and all connections to SQL server are encrypted as standard. We use
roles to provide access to the database from the Appraisd app that
have been locked down to prevent unauthorised/unnecessary commands.
We make use of Azure's automatic logging and vulnerability
prevention tools to alert us to unusual activity. Access to the
database for Appraisd staff is via RBAC in Active Directory,
allowing us to log and modify access permissions easily.
We use Azure SQL's back up tools to retain 35 days of backup data.
Backups are taken approximately every 15 minutes to an alternate
data centre in the UK.
Files you upload are stored in Azure's blob storage with encryption
at rest and in transit.
The Appraisd application runs on an Azure app service with slots
used to provide staging and QA instances. As we do not use physical
servers for this, all base level security and patching is managed by
Microsoft with zero downtime.
We use continuous delivery to deploy Appraisd and can push an
approved patch to production in under ten minutes.
Azure permits only SSL ciphers that are considered safe and have
achieved an Qualys SSL Labs A rating.
If you need any more specific information about how we safeguard your
data, please get in touch with us at
may also be interested in
Microsoft Azure privacy and security pages.