Security Policy

Security

  • SSL: All web connections to client instances are protected with 256-bit SSL encryption (HTTPS), with SSL/TLS certificates provided by Let’s Encrypt.

  • Isolation: Client data is stored in dedicated databases: there is no sharing of data between clients and no access possible from one database to another. Each database has its own unique user to further limit access across databases.

  • Passwords: Customer passwords are protected with industry-standard PBKDF2+SHA512 hashing (salted + stretched for thousands of rounds).

  • Safe System: Our servers run a recent Linux distribution with up-to-date security patches, with firewall and intrusion countermeasures.

  • Custom Code: All custom customer code is securely and safely stored on one of the largest git providers, GitHub. Custom customer code can be provided on request.

  • System Security: Only a few trusted SudoTech engineers have clearance to remotely manage the servers, and access is only possible using a personal SSH key pair.

  • Software Security: Please refer to Odoo Security Policy.


Staff Access

  • AWS Databases: SudoTech staff may sign into your database to access settings related to your support issue. For this they use their own staff user and credentials, not your user or password (which they have no way to know).

  • Odoo.sh Databases: SudoTech staff may sign into your account to access settings related to your support issue. For this they use their own special staff credentials, not your password (which they have no way to know).

  • Odoo.sh Databases: This special staff access improves efficiency and security: they can immediately reproduce the problem you are seeing, you never need to share your password, and we can audit and control staff actions separately!

  • Our staff strive to respect your privacy as much as possible, and only access files and settings needed to diagnose and resolve your issue.


Access

  • Access to customer databases is provided and filtered by a subdomain on our main domain, i.e. client_name.sudotech.co.za.

Uptime

  • Customer databases are hosted in the AWS Ireland region, the closest region to Africa. This is subject to change when closer regions become available.

  • Our hosting provider, AWS, guarantees a 99.9% uptime (3 nines, excluding planned maintenance)*, so we can guarantee a minimum of 99.9% uptime.

  • This corresponds to a maximum unplanned downtime of 1.44min/24h or 8h/year.

  • We usually deliver a much better uptime than this (100% most months), as our providers always deliver a much better uptime than their SLA too.

* These metrics refer to the availability of the platform itself for all customers. Individual databases may be temporarily unavailable for specific reasons, typically related to the customer's actions or customizations.


Backups & Disaster Recovery

  • 14 full backups up to 3 months: 1/day for 7 days, 1/week for 4 weeks, 1/month for 3 months

  • Backups are immediately stored/pushed to a dedicated AWS S3 bucket in a data center *

  • For data centre disasters: 

    • RPO (Recovery Point Objective) = 24h, i.e. you can lose a maximum of 24h of work if the data cannot be recovered and we need to restore the last daily backup.

    • RTO (Recovery Time Objective) = 24h, i.e. the service will be restored from the backup within 24 hours in 

* Replication across regions is not set up automatically, since a 99.99% reliability and uptime is guaranteed by our hosting provider. Additional recovery and replication measures can be set up on request.