# Where is my data? 🌎

The following information is provided to support project teams looking to use Digital Design Brief, particularly where data residency or security aspects are a concern.

# Data Storage 💼

Digital Design Brief is a cloud-hosted web application made up of a number of services, each of which has its own databases (Aurora and Neptune instances) and data storage. All data is stored in Amazon Web Services (AWS) managed (Software as a Service, SaaS) databases and object storage.

# Data Resilience 🚩

The data is spread across 3 availability zones within the eu-west-1 region, with one instance acting as the primary write node and the others active as secondary read replicas. Should the primary node fail, one of the secondary nodes will automatically and transparently assume the role of the primary, with zero data loss. Full backups of all databases are taken at 24-hour intervals and retained for 30 days, and point-in-time recovery is enabled at 5-minute intervals.

# Data Residency 🌐

All data is stored within the AWS EU Ireland Region (eu-west-1), with all snapshots (backups) of the data being stored within the same region.

# Data Security 🔒

All data is held within an isolated network (VPC) and only exposed internally within this network through private subnets. Access to the public APIs is managed through authentication via Arup's Active Directory tenant, with access managed through AD user groups. Authorisation through the User Service manages who has access to data within DDB once they are authenticated. All data is secured at rest using AES-256 encryption, with AWS managed KMS keys rotated annually. All data in transit is encrypted using SSL/TLS.

Last Updated: 21/06/2024, 11:34:44