Architecture and Security

Infrastructure & Hosting

What uptime guarantee do you provide?

We provide hosting via multiple cloud providers with the following uptime guarantees:

| Provider | Uptime Guarantee |
| --- | --- |
| AWS | 99.0 - 99.5% |
| Digital Ocean | 99.99% |
| OCI | 99.9% |

We monitor uptime of each server and notify users via email if their server is consistently down. Engineers are notified via call for extended downtime.

Do you have maintenance windows?

No specific maintenance window policy is in place due to varying activity types. We inform users beforehand via email about potential downtime during maintenance activities.

Is EBS volume/storage encrypted?

No, EBS volumes/storage attached to Frappe Cloud instances are not encrypted.

Network Security & Access Control

How is network security implemented?

We use a combination of security groups and firewalls to secure networks. VPCs isolate resources and restrict access. Only necessary ports are open to the public internet; all other ports are blocked by default.

How do you manage server access?

We use SSH with certificates and/or public keys for server access. Passwords are not used. Users can only access benches with SSH certificates.

Is there a WAF protecting applications?

Our infrastructure relies on AWS security groups for basic firewall functionality. There is no dedicated WAF solution.

Is there an IPS/IDS solution in place?

No, there is no Intrusion Prevention/Detection System currently implemented.

What DDoS mitigation measures are in place?

We do not have specific DDoS mitigation measures in place currently.

Data Protection & Encryption

What encryption is used for communication?

We use HTTPS for all internet communication. SSH connections are also encrypted.

Are databases encrypted at rest?

No, MariaDB databases are not encrypted at rest.

Are backups encrypted?

Backups are unencrypted by default. Users can enable encryption by following our backup encryption documentation.

Security Monitoring & Management

What antimalware software is used?

We use ClamAV for antimalware protection on all servers. Virus definitions are updated manually as needed. To preserve server performance, regular scans are not implemented.

Is there an EDR solution monitoring servers?

No, there is no Endpoint Detection and Response solution currently implemented.

Are containers scanned for vulnerabilities?

No, containers are not scanned for malware or vulnerabilities.

Do you use multi-factor authentication?

Yes, we have 2FA enabled for all logins to third-party services.

Patch Management & Updates

How are OS security patches managed?

We use unattended upgrades to deploy patches automatically on a daily basis across all servers.

How are Frappe Framework updates handled?

On shared benches, Frappe Framework updates are managed by the Frappe Cloud team, typically occurring weekly or with major updates. Private bench users can manage updates themselves. See bench documentation for details.

How are MariaDB updates managed?

MariaDB security updates are handled via Ubuntu's unattended-upgrades system.

How are Python and dependency updates managed?

Python and other dependencies are managed via benches. Users can manage them through Bench > Dependencies.

Do you have a formal patch management policy?

Yes, we have a comprehensive patch management process that covers implementation and tracking of ongoing patch compliance for all systems within our IT scope.

Process Triggers:
- Ongoing patch updating process
- Vulnerability assessment results
- Vulnerability alerts from vendors/OEM/security forums

Server Patch Deployment Process:
- Critical security patches applied automatically via Ubuntu's unattended upgrades
- Previous backups or application utilities used for system rollback when needed

Where can I check for recent security patches?

You can check security advisories on relevant GitHub repositories:

Version Information

How can I check current Frappe version?

You can check the current Frappe version by going to Bench > Apps.

How can I check current MariaDB version?

You can check the current MariaDB version by going to Server > Actions > View Database Configuration.

How can I check current Python version?

You can check the current Python version by going to Bench > Dependencies.

Backup & Disaster Recovery

What backup policy do you follow?

We take logical site backups as per our backup policy. Server-wide snapshots are taken daily.

What disaster recovery measures are in place?

We maintain server-wide multi-AZ snapshots taken daily. In case of disaster, we plan to restore from these snapshots.

Note: For KSA, backups are not multi-AZ yet. We intend to improve this in the future.

Compliance & Certifications

What certifications do you have?

We are certified under ISO 9001:2015, ISO 27001:2022, and SOC-2 Type-2 standards. Check our compliance page for more information.

Do you conduct penetration testing?

Yes, the Frappe Cloud platform has undergone formal third-party penetration testing within the last 12-18 months.

Do you conduct vulnerability scans?

Yes, we conduct regular internal and external vulnerability scans on our cloud infrastructure as part of our ongoing vulnerability management program.
