| Major natural catastrophe in NZ / Australia | L | H | H | The application is deployed on AWS infrastructure and dispersed across multiple Availability Zones (AZ) in the Asia Pacific Sydney Region. An AZ consists of one or more data centres at a location within an AWS Region. Each AZ has independent cooling, power, and physical security. The database is an MySQL cluster with Multi AZ (multiple availability zones) enabled. | The application If an active AZ in a region is impacted, service provision will automatically transition to the next available AZ. The database In the event of a planned or unplanned outage of the Writer instance, Amazon RDS automatically switches to a standby replica in another AZ. The time it takes for the failover to complete depends on the database activity and other conditions at the time the primary DB instance became unavailable. Failover times are typically 60-120 seconds. |
| External attack on website (D-DOS) | M | H | H | AWS GuardDuty is configured for Clients. GuardDuty identifies threats by continuously monitoring the network activity, data access patterns, and account behaviour within the AWS environment | SM8 usually only has one end-point. Prevention techniques include; Blacklist suspicious IP addressesauto scale EC2 instances to ensure application remains operational. |
| Website overload – No Website Service | M | L | M | SM8 is deployed across multiple EC2 instances and sits behind a load balancer. The instance cluster is auto scaling. | With auto scaling, EC2 instances are automatically added or removed in response to demand load. |
| Website hacked or penetrated | M | H | H | Website security measures and pen-testing designed to prevent attacks. Databases in a private subnet. Applications in a IP whitelisted security group controlled public subnet. Application architecture employs SSL termination pattern. | Server restoration from latest backup after analysis and removal of vulnerability |
| Hosting provider experiences problems | L | L | L | Reputable/world leading hosting provider used (AWS) | AWS SLA has a 99.99% monthly uptime percentage. In the event of a full regional outage, the application would currently have to wait for the regional data centres to be restored. |
| Hardware failure | L | H | H | Reputable hosting equipment and technologies used, reliance on world-leading cloud-hosting service (AWS) | AWS SLA has a 99.99% monthly uptime percentage. In the event of a full regional outage, the application would currently have to wait for the regional data centres to be restored. |
| Maintenance or patch requires website break in service | M | L | H | The application is deployed across multiple EC2 instances behind a load balancer. | Traffic is automatically targeted to healthy (available) instances meaning that maintenance can be carried out and deployed with minimal application downtime. |
| Internet Connectivity problems | M | L | L | This is a user issue | This is a user issue |
| Pandemic affecting word-wide supply chain | L | L | H | Good office hygiene and control visitor access Office roster, so that not all staff are simultaneously in the same office every day. | Enable and set up staff so that all staff can work remotely |
| Key person risk assessment | M | H | H | SM8 Application is founded and coded extensively with two key persons holding substantial IP. | Code source in ESCROW. Governed by “ESCROW release rules” |
