Codesion Code of Conduct

• Codesion is a profitable, enduring business. In the 5 years that we've been operating our profitable business, we have never lost any customer project code or data. From day one, Codesion has prioritized information security, investing large amounts of time and money to constantly improve.
• The Confidentiality Agreement is a legally-binding commitment that Codesion will protect the confidentiality of any source code stored on our system.
• Complete Backup System: Codesion backs up all customer data every 10 minutes to a multi-redundant, active/static multi-site archiving system. Hot backups are taken to live failover servers (on-site) that can be re-deployed in under 30 minutes if required. Cold backups are pushed to an offsite datacenter within our provider network and, if required, can be deployed to new or existing live server clusters within 60 minutes. Finally, customers can take advantage of our Total Backup service and download Codesion repositories to your own on-premise servers daily.
• Secure Servers: Our hardware partner, Softlayer, maintains high-security, SAS-70 approved datacenters.
• Guaranteed Data Recoverability: In the case Codesion were ever merged, acquired or stopped trading, we guarantee that the customer will have a 90-day window to recover all project data. Codesion maintains cold customer backups on prepaid annual servers under a separate, arms-length contract with our hosting provider. Although this has no effect on how you would recover your projects, from an operational standpoint this allows us to guarantee you will have 90 days to recover your projects.

• Security policies and procedures are reviewed every 6 months
• Only authorized Codesion administrators have shell access to Codesion servers
• All Codesion servers are physically housed in Tier-III datacenters, protected by hardware/software firewalls
• 3^rd party applications are regularly updated with the latest security patches and/or versions
• Customers may only access their repositories via secure protocols (e.g. HTTPS for Subversion)
• Project backups are taken every 10-minutes to hot & cold onsite/offsite servers connected via a private subnet
• Backup servers are pre-paid 12-months in advance, ensuring customers will always have at least 60 days to recover lost data
• Emergency Response 'firedrills' are performed at least once every six months.

• All Codesion servers are monitored constantly, and a minimum of three technical administrators are on standby 24x7x365
• All Codesion customers benefit from a hardware/software platform with a proven track record of reliably delivering >99.9% uptime. Average monthly uptime of all Codesion servers was 99.92% in 2007 and 99.95% in 2008
• Uptime SLA: Codesion guarantees 99.9% Uptime for clients entitled to Premium Support
• If availability ever falls below 99.9% in a given month, Premium Support customers may apply for Service Credits, according to the following schedule:

• Monthly Uptime and Usage reports are emailed to all Premium Support clients.

• All Codesion plan include unlimited monthly email-based support from our expert support engineers
• Premium Service plans include telephone support from our Live Helpdesk during US business hours (Pacific Time)
• Premium Service plans include an Emergency Hotline (24x7x365)
• Plan Upgrades: Customers may upgrade at any time through Billing
• Plan Downgrades and cancellations can only be provisioned at the end of the billing cycle. Why? When a customer upgrades, we allocate upgraded server and/or human resources to that plan for the duration of the purchase, with the increased payment covering the associated costs. But if the customer wishes to downgrade, we cannot expect to recover the costs, yet Codesion would be obligated to refund the difference in price.

• Codesion is a month-to-month subscription service that can be ended at any time
• No vendor lock-in: We have a simple process by which you can leave Codesion (at the end of your paid period), in doing so either recovering your project data or electing to destroy it.
• Annual plans can be purchased at a discount, although cancellations and refunds are not accepted.

• Codesion systems administators run multiple server monitoring tools and maintain complete system visibility 24x7x365, including:
  
  • Server load, I/O load, RAM load, CPU load, and fine-grained performance metrics
  • If predefined server loads are exceeded, standby administrators are instantly informed by SMS, who may resolve the issue or enter issue diagnosis (see below)
  • Load spikes generally occur due to activies that fall outside of our Acceptable Use Policy
• Communication of outages or incidents will occur via the Codesion Status site.

• Alert Relevant Staff. On-call technical administrator(s) immediately contacts and informs the CTO by instant messanger (IM), telephone, or email (in that order). Issue is evaluated and relevant administrators brought up to speed.
• Establish Internal Communications. Verify that internal communications (IM and email) are operable and being received by on-call staff. All Codesion staff maintain at least two IM accounts and a non-company email account (stored internally), all of which are reachable in case of emergency.
• Confirm External Communications. Send test email to Codesion support queue to verify that email support system is unaffected.
• Diagnose the Problem and describe (by priority):
  1. Nature of Offending Issue
  2. Cause of the issue
  3. Classify the issue severity:
     
     • Green = Scheduled outage or minor risk; address while carrying out normal business activities.
     • Orange = Performance affects a subset of customers (up to 20); may be dealt with while carrying out reduced business activities.
     • Red = Emergency situation with potential to disrupt or deny access to >20 customers; relevant staff to stop all work and focus on resolving the issue.
  4. Estimate expected time to resolve and the likelihood of achieving that estimate.
  5. Post this report internally to the blog and emergency email address.
• Create Response Plan. CTO and/or Senior Technical Administrator develops a concise action list outlining:
  1. Who will fix the issue?
  2. What actions must be taken?
  3. Where is being affected - which customers / servers / clusters?
  4. When is the estimated time to completion?
• Post incident report to the Codesion Status Site. The Status Site is hosted on an external service for redundancy purposes. Posting will describe the start time and date, outage type (scheduled / non-scheduled), customers affected, issue description, estimated time to completion, and next update time.
• Email the incident alert to all affected customers, including notice to monitor the Status Site.
• Repost to Status Site every hour until the outage or issue is resolved.
• Post a final outage report, which fully describes how the issue came about, the impact of the issue, and what steps have been taken to prevent future similar issues.

 (back to top)