On This Page
- Personnel policy
- Risk assessment policy
- Information classification policy
- Third party vendor review policy
- Incident disclosure and notification policy
- Incident response policy
- Incident response process
- Access control policy
- Password policy
- Change management policy
- Testing policy
- Patch management policy
- Data retention and deletion policy
Tailscale’s customers are dependent on our services operating as normal. Proper planning, monitoring, and recovery steps are critical to address incidents that may impact the integrity or availability of services and data is critical to the operation of Tailscale. Business Continuity and Disaster Recovery is a set of processes and techniques used to help an organization recover from a disaster and resume routine business operations.
The following minimum standards apply to Tailscale’s assets as managed by employees, contractors and vendors. These include but are not limited to: cloud service providers, cloud regions, major components within cloud regions, key vendors (those included in our vendor assessment, and key open-source components.
Tailscale reviews its backups, and any BCP/DR plans annually with a walkthrough exercise. Tailscale tests its ability to restore production data at least annually.
Tailscale regularly reviews backups and service redundancy to ensure they can be used in the event of an outage. The Security Review Team:
- Ensures backups for key services are in place
- Tests backups and restore procedures
- Reviews proposed and existing architecture plans for resiliency
- Implements monitoring tools to detect potential continuity issues for key services
An incident could be detected internally by monitoring tools, by an employee in their course of work, or reported by a third party including customers.
Outage response and remediation
If a suspected outage or other business continuity incident is detected, it should be responded to following the Incident response process.