The platform is hosted in Microsoft Azure. Champ offers data residency in EU and China.
The platform is built with disaster recovery in mind. The platform is spread over 3 Azure availability zones and will therefore continue normal operation in the event of a breakdown of one of these zones.
The platform uses Microsoft Application Insights for logging/auditing of activities, response times, error rate and data access.
The platform has a daily backup of data and stores data for 5 years, with the possibility of recovery.
All virtual machines and databases are backed up daily and saved according to the following:
- Daily backups are saved for 3 months
- Weekly backups are saved for 12 months
- Monthly backups are saved for 5 years
Blob (media) storage uses Zone redundant storage and is saved according to the following:
- Data is replicated across 3 data centers within Western Europe
- Soft delete is activated and data will be stored for 5 years after deletion
Access and authentication
Access to customer data is limited to a small number of Champ employees. All data is sent encrypted via HTTPS and the platform uses the "Zero-trust corporate network" principle, so that access to Champ's network does not give increased rights to the production environment in Azure. Champ enforces a strong password policy for employees and requires Multi-factor authentication (MFA) where possible, e.g. on Azure, Github and Azure DevOps.
All data on the platform is encrypted in-transit and at-rest. The platform uses HTTPS for all communication and enforces minimum TLS 1.2. All data is encrypted with AES-256 when stored.
The platform scores highly in general tests for server configuration and TLS setup. Specifically, the platform gets an A+ rating by Qualy's SSL Labs
The platform also uses HSTS and Perfect Forward Secrecy.
Penetration tests and vulnerability scans
Champ uses third-party tools for solution scanning during development and before each release. Champ also has an annual penetration test performed.