Instructure Trust Center
Reliability
At Instructure, we pride ourselves on the exceptional level of uptime we offer to our valued customers. With unwavering confidence in our systems, we not only guarantee but consistently deliver an annual uptime of 99.9%. This impressive performance is a testament to our exceptional architecture, best practices, reliable availability measures, and robust incident management process.
Architecture
Instructure’s learning platform is hosted in the cloud by Instructure and delivered over the internet through the world's most trusted public cloud provider, Amazon Web Services (AWS).
As a cloud-native Software as a Service (SaaS) offering, our learning platform has been architected for both resiliency and high availability. Our 99.9% annual uptime isn't just a goal, it's something we promise and consistently deliver.
Multiple Regions Worldwide
Instructure serves a broad range of data zones globally including the United States (West & East), Canada, Australia, Singapore, Dublin, and Frankfurt. Instructure’s learning platform is designed to make full use of the real-time redundancy and capacity capabilities offered by AWS, running across multiple availability zones in regions throughout the world.
Availability
Disaster Recovery
Our services are architected to achieve both exceptionally low Recovery Point Objective (RPO) and Recovery Time Objective (RTO) in the most common scenarios and High Availability for our customers due to the distributed and resilient nature of our infrastructure. For the vast majority of failure scenarios, the need to failover to another Availability Zone (AZ) is obviated and the impacts to our services will be minimal.
The primary assumption of our disaster recovery plan is that it only addresses events that would affect an entire data center or our architecture as a whole. Failures of individual components will be recovered through robust architectural redundancies and failover mechanisms.
Business Continuity
At Instructure, we proactively approach business continuity by building resilience in our key processes, use of technology, and hiring and retaining key personnel. When unforeseen incidents impact or disrupt our business, know that we are ready to act, with robust plans to quickly recover and ensure the continuation of both our business and yours during and following any critical incident that results in disruption to our normal operational capability.
We also stand out in our transparency: we publish our availability status and updates at status.instructure.com, meaning customers are able to keep tabs on availability and their own status history: statushistory.instructure.com.
Backup Solution
Customer data is backed-up automatically both in real-time and on a 24-hour schedule to multiple geographic locations in the customer’s region, ensuring the security and reliability of data in the event of a disaster or outage of any scale. Our databases are backed up from one live database to another, with no additional load on our systems and static files are stored in secure, geographically redundant storage systems.
Redundancy
Each component is redundant with active monitoring for failure detection and failover. And for the vast majority of failure scenarios, the need to failover to another availability zone is obviated. Redundancy and monitoring has been architected in such a way that there is no single point of failure. In most cases, if an individual component in the learning platform architecture fails then another will be ready to take over immediately without any notable impact to end-users.
Service Level Agreement
Instructure will use commercially reasonable efforts to make each service available with an annual uptime percentage of at least 99.9% (“Service Commitment”). In the event Instructure does not meet the Service Commitment, the customer will be eligible to receive a service credit as described in our Master Terms and Conditions.
Incident Management Process
Instructure’s Incident Response policy is designed to ensure the following phases are carried out effectively:
- Detection: Utilizing both manual and automated detection methods, we aim to identify any system or data security breaches at the earliest possible stage.
- Assessment: Prompt measures are taken to secure the system and data, preventing further unauthorized exposure.
- Response/Recovery: Users and other affected parties are promptly notified in a responsive manner, acknowledging the potential unauthorized access and the exposure or compromise of confidential or personal information.
- Reporting: In the event of a security breach and potential unauthorized data exposure, Instructure's Chief Information Security Officer (CISO) will oversee and execute an action plan in accordance with the guidelines outlined in the following subsections. The specific plan and sequence of actions will be determined based on the type and scope of the security breach.
Instructure has a history of being transparent and will share any relevant data with its customers.
We know that our customers only benefit from transparency, which is why Instructure creates incident response reports for any downtime or significant performance issues for our users as well as publishes incident/outage history online at: https://status.instructure.com/history. We distribute our incident reports to admins at the affected university within a couple of business days of the event. We also publicly publish all of these online. Our incident reports are comprehensive and involve a large amount of reporting on the lessons learned and what, if any, actions we need to take to prevent similar outages moving in the future.
Incident Response
In the event of a breach of security and potential unauthorized data exposure, Instructure’s Chief Information Security Officer (CISO) will oversee and execute a plan of action that conforms to the industry standards.
Instructure’s Incident Response policy has been designed to ensure:
- Earliest possible detection of a system or data security breach; through both manual and automated detection methods
- Rapid securing of the system and data to prevent further unauthorized exposure;
- Responsive notification to users and other affected parties that unauthorized access may have been granted and/or confidential or personal information may have been or was exposed or compromised by a breach in system security.
Instructure employs an industry-standard, traditional three-tier technical support methodology for incident reporting, escalation, and resolution.
Our Tier 1 Support means Instructure provides first-line support where end users can contact Instructure's Support team agents 24/7/365 via online web form, email, or phone.
Get the Support You Need