Release Management

The DoT development team utilise an agile approach to software development and is continually adding new features to the product. This means that new releases may be deployed monthly. Planit will co-ordinate release notifications with all our clients and ensure changes and new features are explained accordingly.

Incident Management

Although we have a stable and high-quality release management process, there will be situations where issues may be introduced. The DoT team will endeavour to ensure DoT is up 95% of the time, with any planned outages and updates communicated to clients and users accordingly. Although there is no SLA’s during the Early Adopter program, the DoT development team will review any high priority incidents in production and will communicate a remediation plan with our clients. Clients may contact dot.support@planit.com if any issues or questions arise, and we will arrange an in-person call to triage all client raised issues during the Early Adopter Program.

Access to data during incidents

Access to a client’s tenant is restricted to Planit and client users, and Planit administrators ONLY.

During the event we have a production issue, Planit may provide access to a developer to triage the issue. Access will be revoked once the issue has been resolved.

Logging

All REST API events are logged (CloudWatch, 30 days).

  • This logs when requests are made and their outcome.

  • This does not log the requests or responses themselves, which may contain sensitive information.

  • All internal services are logged (CloudWatch, 30 days).

    • We may log request and response bodies in these logs unless sensitive.

    • Care is taken to avoid logging sensitive info, secrets & auth tokens in particular.

  • warnings logs and error information only at this point unless a particular service requires more analysis for debugging or analysis.

  • All access to our stored data is logged (S3 Access Logging, 90 days).

  • We store change history of application resources (e.g. users) in a persistent database with the application (DynamoDB, permanent).

    • For example, if a user’s permissions were modified, we will store this event along with the time it occurred and the other user that initiated the permission change.

  • All AWS account access and use is logged (CloudTrail, 90 days).

  • All logs are encrypted.

  • Access to the production infrastructure where logs are stored is restricted only to core developers and protected by single sign-on with multi-factor authentication.

© 2024 Planit Testing - ✉ infoau@planit.com