Background Screening FAQs
Here are some of the most commonly-asked questions from across our business, covering topics such as the Ordering Process, Compliance, Data Security, Reporting Capabilities, and more.
Compliance FAQs
Auditing Process
Q: Is Data Facts ever audited, and by whom?
A: Yes. The Data Facts Compliance Team conducts audits for compliance with multiple federal and state regulations such as the FCRA, GDPR, GLBA, etc.
Staff Monitoring
In our production processes, we monitor the extent to which we meet and exceed
regulatory requirements as well as exceeding our clients’ expectations. It is our intent to provide a quality report in a timely manner that reflects integrity and value to our clients. Upon completion of the Internal Staff Audit, a log is maintained and conclusions are adequately documented.
Client Monitoring
Data Facts monitors its End-Users on an ongoing basis to ensure adherence to the requirements of their Agreement. Data Facts monitoring includes proactive, reactive and systematic monitoring and issue resolution. Upon completion of the Client Audit a log is maintained and conclusions are adequately documented.
Vendor Monitoring/Third Party Management
In accordance with the Consumer Financial Protection Bureau (CFPB), financial service providers are required to oversee their business relationships in a manner that ensures compliance with applicable federal regulation. The Third-Party Service Provider Management Policy is intended to manage the activities conducted through our relationships and to identify and control the risks arising from such relationships. Risks arising from these relationships will be assessed according to this policy, which also provides information on managing such risks. Upon completion of the Vendor Audit a log is maintained and conclusions are adequately documented.
External Audits include but are not limited to the following:
- SOC 2 Type 2
- PBSA Accreditation
- Experian, TransUnion and Equifax
- Social Security Administration
- Internal Revenue Service
- Vendor and Client Audits
Data Facts receives External Audits on an annual basis.
Errors & Omissions Insurance
Q: Does Data Facts Carry Errors and Omissions Insurance?
A: Yes, Data Facts has Errors and Omissions insurance.
FCRA Certification
Q: Does Data Facts require their employees to be FCRA certified?
A: All Data Facts employees are FCRA Certified and must pass recertification tests every 2 years. This ensures that our staff is knowledgeable and able to assist clients regarding FCRA regulations.
Tools for Clients
Q: What tools does Data Facts offer their clients to help them stay in compliance with the FCRA and other laws that govern background checks?
A: We offer several value-add tools to help keep you abreast of upcoming changes in laws that affect background screening:
- The State Rules Register: Access to this site provides comprehensive information regarding State Laws for Background Screening. This site is updated by an Employment Attorney. Search by state to see which restrictions or special laws apply for that state. Or search by restriction (i.e. Ban the Box, salary history restrictions, etc.) and all the states and areas with restrictions will populate. Links to the appropriate statutes are provided.
- Website: Our website contains a complete listing and description of our products as well as compliant procedures.
- Newsletter. We share compliance news on issues like drug screening, data security, I-9 regulations, and legislation in our monthly compliance newsletter.
- Blog: We cover a variety of topics affecting our industry on our blog.
- How-to-guide: A go-to reference to resolve the most common issues.
- Webinars: We offer monthly webinars that address changes in policies and emerging trends in acceptable practices regarding background screening and relevant HR topics.
In addition, we provide ready-to-use documents to help keep you in compliance.
Electronic Authorizations and Disclosures
If utilizing the electronic authorizations and disclosures via Data Facts’ QuickApp™, the appropriate state disclosures and/or notices will populate for your applicant based on where they indicate that they live and/or are working.
Adverse Action Notices and Reminders
Pre-adverse and Adverse Action Letters can all be sent out electronically (via email and/or text) through our platform. The email and accompanying letter are automatically customized with your specifications, and our technology allows you to see if and when the candidate has opened the email. Additionally, your account can be configured to automatically remind you to send the Final Notice of Adverse Action after a specified number of days from the time you sent the Pre-Adverse Notification.
Incident Response/Data Breach
Q: What is Data Facts’ Incident Response protocol?
A: Upon the discovery of a breach or suspected breach, End-Users should notify Data Facts immediately. Email notification should be sent to compliance@datafacts.com or call 800-264-4110.
Data Facts may take any action it considers appropriate to safeguard the data, including but not limited to suspension of client’s access until Data Facts has determined the client’s environment is safe.
- Client will comply with all federal and state breach laws.
- Client must take immediate steps to protect Data Facts’ consumer reports to minimize the amount of data compromised. Those steps include but are not limited to suspending access of all end users involved. Access may be suspended for an individual or identified group or suspected violators.
- Client will actively cooperate with and participate in any investigation conducted by Data Facts that results from the client’s breach or suspected breach of information. User will respond to related requests as required for all investigations.
- If the root cause of the breach is determined to be under control of the client (employee or former employee fraud, misconduct or abuse, access by an unqualified or improperly qualified end user, poor information security practices, ID sharing, etc.) Data Facts may assess a client an expense recovery fee.
Q: Is Data Facts ever audited, and by whom?
A: Yes. The Data Facts Compliance Team conducts audits for compliance with multiple federal and state regulations such as the FCRA, GDPR, GLBA, etc.
Staff Monitoring
In our production processes, we monitor the extent to which we meet and exceed
regulatory requirements as well as exceeding our clients’ expectations. It is our intent to provide a quality report in a timely manner that reflects integrity and value to our clients. Upon completion of the Internal Staff Audit, a log is maintained and conclusions are adequately documented.
Client Monitoring
Data Facts monitors its End-Users on an ongoing basis to ensure adherence to the requirements of their Agreement. Data Facts monitoring includes proactive, reactive and systematic monitoring and issue resolution. Upon completion of the Client Audit a log is maintained and conclusions are adequately documented.
Vendor Monitoring/Third Party Management
In accordance with the Consumer Financial Protection Bureau (CFPB), financial service providers are required to oversee their business relationships in a manner that ensures compliance with applicable federal regulation. The Third-Party Service Provider Management Policy is intended to manage the activities conducted through our relationships and to identify and control the risks arising from such relationships. Risks arising from these relationships will be assessed according to this policy, which also provides information on managing such risks. Upon completion of the Vendor Audit a log is maintained and conclusions are adequately documented.
External Audits include but are not limited to the following:
- SOC 2 Type 2
- PBSA Accreditation
- Experian, TransUnion and Equifax
- Social Security Administration
- Internal Revenue Service
- Vendor and Client Audits
Data Facts receives External Audits on an annual basis.
Q: Does Data Facts Carry Errors and Omissions Insurance?
A: Yes, Data Facts has Errors and Omissions insurance.
Q: Does Data Facts require their employees to be FCRA certified?
A: All Data Facts employees are FCRA Certified and must pass recertification tests every 2 years. This ensures that our staff is knowledgeable and able to assist clients regarding FCRA regulations.
Q: What tools does Data Facts offer their clients to help them stay in compliance with the FCRA and other laws that govern background checks?
A: We offer several value-add tools to help keep you abreast of upcoming changes in laws that affect background screening:
- The State Rules Register: Access to this site provides comprehensive information regarding State Laws for Background Screening. This site is updated by an Employment Attorney. Search by state to see which restrictions or special laws apply for that state. Or search by restriction (i.e. Ban the Box, salary history restrictions, etc.) and all the states and areas with restrictions will populate. Links to the appropriate statutes are provided.
- Website: Our website contains a complete listing and description of our products as well as compliant procedures.
- Newsletter. We share compliance news on issues like drug screening, data security, I-9 regulations, and legislation in our monthly compliance newsletter.
- Blog: We cover a variety of topics affecting our industry on our blog.
- How-to-guide: A go-to reference to resolve the most common issues.
- Webinars: We offer monthly webinars that address changes in policies and emerging trends in acceptable practices regarding background screening and relevant HR topics.
In addition, we provide ready-to-use documents to help keep you in compliance.
Electronic Authorizations and Disclosures
If utilizing the electronic authorizations and disclosures via Data Facts’ QuickApp™, the appropriate state disclosures and/or notices will populate for your applicant based on where they indicate that they live and/or are working.
Adverse Action Notices and Reminders
Pre-adverse and Adverse Action Letters can all be sent out electronically (via email and/or text) through our platform. The email and accompanying letter are automatically customized with your specifications, and our technology allows you to see if and when the candidate has opened the email. Additionally, your account can be configured to automatically remind you to send the Final Notice of Adverse Action after a specified number of days from the time you sent the Pre-Adverse Notification.
Q: What is Data Facts’ Incident Response protocol?
A: Upon the discovery of a breach or suspected breach, End-Users should notify Data Facts immediately. Email notification should be sent to compliance@datafacts.com or call 800-264-4110.
Data Facts may take any action it considers appropriate to safeguard the data, including but not limited to suspension of client’s access until Data Facts has determined the client’s environment is safe.
- Client will comply with all federal and state breach laws.
- Client must take immediate steps to protect Data Facts’ consumer reports to minimize the amount of data compromised. Those steps include but are not limited to suspending access of all end users involved. Access may be suspended for an individual or identified group or suspected violators.
- Client will actively cooperate with and participate in any investigation conducted by Data Facts that results from the client’s breach or suspected breach of information. User will respond to related requests as required for all investigations.
- If the root cause of the breach is determined to be under control of the client (employee or former employee fraud, misconduct or abuse, access by an unqualified or improperly qualified end user, poor information security practices, ID sharing, etc.) Data Facts may assess a client an expense recovery fee.
Ordering Process & Reporting FAQs
Management Reports
Q: Do you provide your clients with Management Reports?
A: The following reports are available 24/7 for authorized users who have administrative rights on the ordering platform. All the reports listed below can be sorted by a variety of different fields and filtered to include all communities or only ones you wish to select. These reports are typically generated in less than one minute. However, our Operations Team and/or Client Success Team is more than happy to run these reports for you at the frequency that you desire.
A Product Utilization Report (Volume – All Products) is available in our system, breaking down the number of services/products ordered during a specific time frame and even down to specific locations/child accounts. This report also shows the number of reports that were ran over the selected time period.
A Time Service Report is available in our system and can generate actual response time per report and average response time for reports at specific locations during specific time frames. You can also see the turnaround time for specific product components within each report.
A Status Report is available in our system that will allow you to see the open/pending reports.
A Hit Ratio Report is available in our system that will break down the actual amount and percentage amount of adverse information returned during a given time period. This can be generated for specific locations or for the company as a whole.
If you choose to utilize The Decision Tool, you can also run the Decision Report to see which decisions have been made on which applicants. For example, you could run a report to see which applicants are in “purple” (adverse action process) or “red” (who was denied employment).
Authorized users can also access invoices on our system. There are a few different layouts that users can choose from. If you need your invoice in a different format, our accounting team can create that format for you.
Drug Screening Reports: Multiple types of drug screening reports are available. You can run reports based on the reason for testing, results, randoms, etc.
Additionally, our Operations Team has access to a report writer. If there is a report that you need, and it is not already available on our platform, we can configure the report and add it to your account so that your users can have access to pull the reports and data that you need. This service is available at no extra charge.
Results Time Frame
Q: Are results returned 24/7 or just during business hours?
A: Any results for instant products that do not return adverse information are returned 24/7. Otherwise the Data Facts offices are open 7AM-7PM CT.
Batch Ordering
Q: Does Data Facts provide batch ordering services?
A: Yes, batch uploads are available to accommodate bulk ordering. If screening for several applicants at one time or for periodic employee monitoring, the batch upload provides a solution for rapidly uploading many orders at once.
Authorization Documents
Q: Does Data Facts use hard copy documents for the authorization process or is it handled electronically?
A: We can use either hard copy documents or electronically sent and signed documents for the authorization process. The electronically signed documents can be sent by email or through our mobile platform, QuickApp.
Online Ordering Process
Q: How does your online ordering and retrieval process work?
A: There are four main ways that a background check can be ordered:
1. Applicant Tracking System Integrations — Data Facts is integrated with over 75 different applicant tracking systems. Ordering via an integration is sure to improve your efficiencies and expedite your screening process by eliminating the need to reenter the applicant information for the background check.
With seamless access and an interactive workflow for managing background screening requirements, the solution offers a fast, simple, and intuitive user and applicant experience, allowing you to increase workforce productivity, reduce time-to-hire, and get more high-quality hires.
2. Traditional Ordering Method — An authorized employee will access the Data Facts platform, select the “Order” tab. The customized service package options will be shown on the screen and the user will select the appropriate package. (Note: Administrative users can choose to hide specific packages if they prefer.) The user will provide the required applicant information for the background check and/or drug screen and click submit.
3. Applicant Order Entry — Our mobile application products allow applicants to order their own report (via a custom link that Data Facts provides to the client), which removes the data entry burden from the HR professional. It also minimizes the risk of data entry errors and duplicate order entry. Furthermore, it allows the applicant to electronically sign their authorization and disclosure.
4. Batch Uploads — Batch uploads are available to accommodate bulk ordering. If screening for several applicants at one time for such events as new store openings or special screening projects, the batch upload provides a solution for rapidly uploading many orders at once.
Order Status & Notifications
Q: How will we be kept advised of our order status?
A: Any time after a background check has been ordered, a user can sign into your ATS platform or our platform and view the overall status of a report. Reports that have adverse information are clearly labeled with a flag. There is also an option for users to receive email notifications whenever a search on a report is flagged and/or to receive an email notification after the entire report is complete.
If there is a delay on a specific search, the investigator working the file will contact the requestor via the preferred communication method established during account set up. Our investigators can communicate with our clients via telephone call, direct email, support ticket system, and by placing updates directly in the “notes” section of the background check. Additionally, many of our investigators have clients who prefer to use other communication methods such as Slack or Skype instant messaging.
Communication of Delays
Q: Do you notify employers if there is a delay and how long?
A: Yes. Open communication is one of our top priorities. Our Operations team will proactively notify you if part of your order is going to be delayed, and offer an ETA on when it can be expected.
Return of Results
Q: Are individual search results available as they are completed?
A: Individual search results ARE available as they are completed. You can log into our platform at any time to view results of components. Once the report is fully completed, the results will populate in the ATS.
Q: Do you provide your clients with Management Reports?
A: The following reports are available 24/7 for authorized users who have administrative rights on the ordering platform. All the reports listed below can be sorted by a variety of different fields and filtered to include all communities or only ones you wish to select. These reports are typically generated in less than one minute. However, our Operations Team and/or Client Success Team is more than happy to run these reports for you at the frequency that you desire.
A Product Utilization Report (Volume – All Products) is available in our system, breaking down the number of services/products ordered during a specific time frame and even down to specific locations/child accounts. This report also shows the number of reports that were ran over the selected time period.
A Time Service Report is available in our system and can generate actual response time per report and average response time for reports at specific locations during specific time frames. You can also see the turnaround time for specific product components within each report.
A Status Report is available in our system that will allow you to see the open/pending reports.
A Hit Ratio Report is available in our system that will break down the actual amount and percentage amount of adverse information returned during a given time period. This can be generated for specific locations or for the company as a whole.
If you choose to utilize The Decision Tool, you can also run the Decision Report to see which decisions have been made on which applicants. For example, you could run a report to see which applicants are in “purple” (adverse action process) or “red” (who was denied employment).
Authorized users can also access invoices on our system. There are a few different layouts that users can choose from. If you need your invoice in a different format, our accounting team can create that format for you.
Drug Screening Reports: Multiple types of drug screening reports are available. You can run reports based on the reason for testing, results, randoms, etc.
Additionally, our Operations Team has access to a report writer. If there is a report that you need, and it is not already available on our platform, we can configure the report and add it to your account so that your users can have access to pull the reports and data that you need. This service is available at no extra charge.
Q: Are results returned 24/7 or just during business hours?
A: Any results for instant products that do not return adverse information are returned 24/7. Otherwise the Data Facts offices are open 7AM-7PM CT.
Q: Does Data Facts provide batch ordering services?
A: Yes, batch uploads are available to accommodate bulk ordering. If screening for several applicants at one time or for periodic employee monitoring, the batch upload provides a solution for rapidly uploading many orders at once.
Q: Does Data Facts use hard copy documents for the authorization process or is it handled electronically?
A: We can use either hard copy documents or electronically sent and signed documents for the authorization process. The electronically signed documents can be sent by email or through our mobile platform, QuickApp.
Q: How does your online ordering and retrieval process work?
A: There are four main ways that a background check can be ordered:
1. Applicant Tracking System Integrations — Data Facts is integrated with over 75 different applicant tracking systems. Ordering via an integration is sure to improve your efficiencies and expedite your screening process by eliminating the need to reenter the applicant information for the background check.
With seamless access and an interactive workflow for managing background screening requirements, the solution offers a fast, simple, and intuitive user and applicant experience, allowing you to increase workforce productivity, reduce time-to-hire, and get more high-quality hires.
2. Traditional Ordering Method — An authorized employee will access the Data Facts platform, select the “Order” tab. The customized service package options will be shown on the screen and the user will select the appropriate package. (Note: Administrative users can choose to hide specific packages if they prefer.) The user will provide the required applicant information for the background check and/or drug screen and click submit.
3. Applicant Order Entry — Our mobile application products allow applicants to order their own report (via a custom link that Data Facts provides to the client), which removes the data entry burden from the HR professional. It also minimizes the risk of data entry errors and duplicate order entry. Furthermore, it allows the applicant to electronically sign their authorization and disclosure.
4. Batch Uploads — Batch uploads are available to accommodate bulk ordering. If screening for several applicants at one time for such events as new store openings or special screening projects, the batch upload provides a solution for rapidly uploading many orders at once.
Q: How will we be kept advised of our order status?
A: Any time after a background check has been ordered, a user can sign into your ATS platform or our platform and view the overall status of a report. Reports that have adverse information are clearly labeled with a flag. There is also an option for users to receive email notifications whenever a search on a report is flagged and/or to receive an email notification after the entire report is complete.
If there is a delay on a specific search, the investigator working the file will contact the requestor via the preferred communication method established during account set up. Our investigators can communicate with our clients via telephone call, direct email, support ticket system, and by placing updates directly in the “notes” section of the background check. Additionally, many of our investigators have clients who prefer to use other communication methods such as Slack or Skype instant messaging.
Q: Do you notify employers if there is a delay and how long?
A: Yes. Open communication is one of our top priorities. Our Operations team will proactively notify you if part of your order is going to be delayed, and offer an ETA on when it can be expected.
Q: Are individual search results available as they are completed?
A: Individual search results ARE available as they are completed. You can log into our platform at any time to view results of components. Once the report is fully completed, the results will populate in the ATS.
Data Security & Policy FAQs
Information Confidentiality
Q: What measures does Data Facts take to ensure the confidentiality of participant information?
A: Data Facts has passed the SOC 2 Type 2 Certification. Access to the system requires the use of Hypertext Transfer Protocol Secure (HTTPS). Supported web browsers automatically secure the session communications. Communications between end-users and the system services are encrypted using TLS V1.2 or higher. Data is encrypted as it travels between the client web browser and the servers and can only be decrypted with a public and private key pair. Production data at rest uses drive-level encryption as a minimum, with some sensitive data utilizing an additional layer of application-level encryption.
Security commitments are standardized and include the following:
- Security principles within the fundamental designs of the platform permit system users to access information they need based on their role in the system while restricting them from accessing information not needed for their role.
- Use of encryption technologies to protect sensitive data both at rest and in transit.
- Network security mechanisms
- System monitoring
Operational requirements are established that support the achievement of security, availability and confidentiality commitments, and other system requirements. Such requirements are listed in the system policy and procedures, system design documentation, and contracts with clients. Information Security policies define an organizational-wide approach to how systems and data are protected. These include policies around how the system is designed and developed, how the system and networks are managed and how employees are hired and trained. In addition, standard operating procedures have been documented on how to carry out specific manual and automated processes required in the operation and development of TazCloud.
Additionally, while other screening companies house sensitive data right on their own in-house servers, our platform boasts the following security benefits:
- State of the art physical and electronic controls including biometric access and bunker-style construction
- Multi-layer SSL encryption channels
- Soc 2 Type 2 certification
- PCI certification
- Cybertrust Certification
- System Redundancy & Daily Data Back Up
Retention & Disposal Policy
Q: How does your retention and disposal policy work?
A: Reports located in our system will remain active for 90 days after completion of the report. After 90 days the system will create a PDF version without changing anything else in the system. The system will archive reports after 365 days after the completion of the report. Archive reports will be available for you to print and view in the advanced settings tab. Data purge is set for 5 years. Electronic files containing consumer information will be erased so that the information cannot be read or reconstructed.
Disaster Recovery Plan
Q: Does Data Facts have a disaster recovery plan?
A: Data Facts has a written policy on Disaster Recovery and Business Continuity. The purpose of this plan is to communicate plans and procedures in the event of extended service outages caused by factors beyond our control (natural disasters, man made events or pandemic outbreaks). The object is to restore services to the widest extent possible in a minimum time frame. In the event such a disaster occurs, Data Facts has documented procedures to follow to limit any disruption in service to our clients. Responsive communication is critical. Data Facts will take all measures necessary to communicate with all affected parties as soon as proper evaluation has been made of the circumstances and important details can be provided. Data Facts has a clear process and defined procedures for ensuring not only the safety of information but also to ensure any disruption in service due to circumstances beyond our control, is kept to a minimum and that recovery from such an event be swift and efficient. This plan is tested annually.
Recovery & Backup Systems
Q: Does Data Facts have a recovery/backup system?
A: Yes. Data Facts' system utilizes real-time database mirroring across multiple geographically isolated availability zones in the US-West-2 (Oregon) and US-East-1 (Virginia) AWS Regions to ensure the availability and durability of system data. In the event of a catastrophic primary database failure, the system can automatically promote a reader instance to primary in a matter of minutes. Additionally, encrypted database snapshots are kept for fourteen days allowing point-in-time recovery.
Recovery Point Objective (RPO)
The Data Facts' system database is replicated twelve times across six separate, geographically isolated data centers in real-time. We expect virtually no data loss in the event of a catastrophic primary database failure for a recovery point objective on the order of tens of milliseconds.
Recovery Time Objective (RTO)
The recovery time objective for Data Facts' system is 24 hours. In practice, in the event of a catastrophic primary database failure, we expect failover to happen within minutes.
Q: What measures does Data Facts take to ensure the confidentiality of participant information?
A: Data Facts has passed the SOC 2 Type 2 Certification. Access to the system requires the use of Hypertext Transfer Protocol Secure (HTTPS). Supported web browsers automatically secure the session communications. Communications between end-users and the system services are encrypted using TLS V1.2 or higher. Data is encrypted as it travels between the client web browser and the servers and can only be decrypted with a public and private key pair. Production data at rest uses drive-level encryption as a minimum, with some sensitive data utilizing an additional layer of application-level encryption.
Security commitments are standardized and include the following:
- Security principles within the fundamental designs of the platform permit system users to access information they need based on their role in the system while restricting them from accessing information not needed for their role.
- Use of encryption technologies to protect sensitive data both at rest and in transit.
- Network security mechanisms
- System monitoring
Operational requirements are established that support the achievement of security, availability and confidentiality commitments, and other system requirements. Such requirements are listed in the system policy and procedures, system design documentation, and contracts with clients. Information Security policies define an organizational-wide approach to how systems and data are protected. These include policies around how the system is designed and developed, how the system and networks are managed and how employees are hired and trained. In addition, standard operating procedures have been documented on how to carry out specific manual and automated processes required in the operation and development of TazCloud.
Additionally, while other screening companies house sensitive data right on their own in-house servers, our platform boasts the following security benefits:
- State of the art physical and electronic controls including biometric access and bunker-style construction
- Multi-layer SSL encryption channels
- Soc 2 Type 2 certification
- PCI certification
- Cybertrust Certification
- System Redundancy & Daily Data Back Up
Q: How does your retention and disposal policy work?
A: Reports located in our system will remain active for 90 days after completion of the report. After 90 days the system will create a PDF version without changing anything else in the system. The system will archive reports after 365 days after the completion of the report. Archive reports will be available for you to print and view in the advanced settings tab. Data purge is set for 5 years. Electronic files containing consumer information will be erased so that the information cannot be read or reconstructed.
Q: Does Data Facts have a disaster recovery plan?
A: Data Facts has a written policy on Disaster Recovery and Business Continuity. The purpose of this plan is to communicate plans and procedures in the event of extended service outages caused by factors beyond our control (natural disasters, man made events or pandemic outbreaks). The object is to restore services to the widest extent possible in a minimum time frame. In the event such a disaster occurs, Data Facts has documented procedures to follow to limit any disruption in service to our clients. Responsive communication is critical. Data Facts will take all measures necessary to communicate with all affected parties as soon as proper evaluation has been made of the circumstances and important details can be provided. Data Facts has a clear process and defined procedures for ensuring not only the safety of information but also to ensure any disruption in service due to circumstances beyond our control, is kept to a minimum and that recovery from such an event be swift and efficient. This plan is tested annually.
Q: Does Data Facts have a recovery/backup system?
A: Yes. Data Facts' system utilizes real-time database mirroring across multiple geographically isolated availability zones in the US-West-2 (Oregon) and US-East-1 (Virginia) AWS Regions to ensure the availability and durability of system data. In the event of a catastrophic primary database failure, the system can automatically promote a reader instance to primary in a matter of minutes. Additionally, encrypted database snapshots are kept for fourteen days allowing point-in-time recovery.
Recovery Point Objective (RPO)
The Data Facts' system database is replicated twelve times across six separate, geographically isolated data centers in real-time. We expect virtually no data loss in the event of a catastrophic primary database failure for a recovery point objective on the order of tens of milliseconds.
Recovery Time Objective (RTO)
The recovery time objective for Data Facts' system is 24 hours. In practice, in the event of a catastrophic primary database failure, we expect failover to happen within minutes.