The RecordPoint Platform provides organizations with a cloud-based information governance platform that is comprehensively operated and managed.
RecordPoint has an adaptable layer of intelligence that connects all your data and content across platforms, helping you achieve greater operational efficiency while keeping data compliant and reducing risk.
On-going assessment, proactive monitoring, and reporting of the service along with a continuous update process, ensures hassle-free compliance with your information governance requirements.
RecordPoint is available in multiple geographies to maintain customer data sovereignty.
High availability and continuous replication of data ensure service continuity should the primary data stores fail. High availability and replication within a data center region are included in the service.
We’re always searching for new ways to improve our products and services. Here are just a few of the ways we’re continually improving our technology, subject matter expertise, and commitment to ongoing innovation.
In addition to our existing U.S. data center, we’ve expanded our customers’ global reach with data centers in the United States, Canada, the UK, and Australia, with more additions planned.
RecordPoint is always evolving. We are relentless in our pursuit to provide the best experience so that you can manage your information with an ever-growing suite of features and functions.
We consistently release new connectors that help you extend advanced governance across multiple sources, including Microsoft Exchange Online, Dropbox, Teams, and others. You can also develop your own custom connectors. Our Connector framework allows for connection to hundreds of the business systems your business relies on. Whatever the system or use case, Connectors ensure your information is managed in an automated, compliant manner.
We understand security is paramount for our customers. In this trust portal you’ll find information about how RecordPoint keeps your information secure.
Our variety of plans and rate-based licensing model help make it more affordable for any organization to subscribe to and implement RecordPoint.
he RecordPoint Platform consists of four major components:
The Intelligent Policy engine sits at the heart of RecordPoint. It is responsible for processing ingested objects from content sources and categorizing items using a powerful rules engine. Only the metadata of an object is required to be ingested into RecordPoint. The file or document remains in place in the content source and can be edited by users in the content source.
The engine allows customers to create a unified set of rules for applying information governance policies across all connected content sources.
RecordPoint Connectors framework allows RecordPoint to easily manage content in multiple, heterogeneous content sources. A rich REST-based API surface allows content sources and types not natively supported to be rapidly integrated.
The Search component provides users with the ability to search through vast amounts of structured, semi-structured, and unstructured data that is being managed by RecordPoint.
RecordPoint federates with the customer’s MS Entra / Azure AD to provide a seamless single sign-on (SSO) experience for users needing to access the RecordPoint web portal. As a result, users can use their corporate credentials to sign in. In addition, any authentication policies, such as multi-factor authentication, are respected.
All service components are hosted on Microsoft Azure using a mix of virtualized compute resources and Platform as a Service (PaaS) offerings.
All service components are built to be fault tolerant with multiple levels of redundancy. Processing tasks carried out by the service are spread across a cluster of compute nodes. Compute clusters are resilient to single and multi-node failures. Furthermore, compute clusters can be rapidly scaled to provide additional throughput when processing demand peaks. Storage & backup components of the service are geographically redundant.
RecordPoint operates out of Microsoft Azure data centers in four major geographical regions: North America, Canada, Europe, and Asia Pacific. We operate our global operations center (GOC) out of Sydney, Australia, and Seattle, USA providing true global “follow the sun” capability.
The RecordPoint Platform uses a plan-based reserved capacity pricing model.
The service is available on term contracts for an annual service fee based on the RecordPoint plan and add-ons chosen by the customer.
The RecordPoint plan and add-ons become fixed components of the minimum contracted service, determining the final annual price charged to a customer. Billing occurs annually in advance of the term of the agreement.
Additional add-ons or plan changes after the service is commissioned are billed in advance, pro-rated to the anniversary date of the service. Plan changes and / or additional add-ons become part of the new minimum contracted service that a customer is charged annually.
The Connector framework allows for connection to hundreds of business systems. As most enterprise systems used today have characteristics unique to your organization, there may be additional costs for configuration.
Connect any unstructured file shares, such as SAMBA, Windows, Azure, AWS, etc. Assess for duplicates, ROT, PII, and PCI data. Data stays within your secure environment during the analysis.
Enriches the existing metadata by incorporating consistent and relevant additional information from external or third-party systems.
Machine learning (ML)powered classification. Fully-integrated ML feature using text, Image, Optical Character Recognition (OCR). Train an ML model against thousands of categories.
Enables search functionality that examines the textual information within documents or data sets rather than just metadata.
The Content Sampling feature efficiently handles binary ingestion by storing only essential binaries for a short duration. This enables ML model training without storing all binaries in RecordPoint, a requirement often sought by Financial Services customers.
An evergreen document with version history enables organizations to track and access all record versions, facilitating timely and accurate transfers and downloads for internal and external needs.
A powerboost refers to a specific timeframe during which you can process records at an accelerated pace.
Allows for the management of customers who have multi-geo OneDrive and SharePoint Online infrastructure geographically separated.
Allows for the management of customers who have multi-tenancy solutions, e.g. A single Active Directory and multiple RecordPoint Platform instances.
For organizations who want more control of their data, remote blob storage allows customers to use their own Azure storage to store binaries, rather than using RecordPoint’s secure storage facility.
Integrate data with RecordPoint using our robust API (Application Programming Interface) allows you to extract and manipulate data, automate processes, and build custom integrations to meet your unique business needs.
Allows customer to ensure that their environment remails IRAP certified.
Allows for the shipping of sentinel logs direct to customer.
Guaranteed private link between RecordPoint and the customer's systems.
Consulting services are considered extra and are charged at pre-agreed rates in addition to the service fee.
The annual service fee is billable in advance based on the minimum contracted service. Additional charges are invoiced on an annual prorated basis. Invoices are issued at the beginning of the month.
RecordPoint will automatically generate renewal invoices 30 days in advance of term expiry.
The table below outlines the high-level areas of RecordPoint responsibility and customer responsibility across the RecordPoint Platform service.
The Service specifically excludes any item not explicitly described in this Service Description.
RecordPoint is designed to work with the following software:
All communication with the Service is conducted over a TLS connection to enhance security.
Although RecordPoint does not recommend that you connect to the RecordPoint Platform using older browsers and clients, we provide limited support as long as its manufacturer supports that software.
Specifically, if you continue to use older browsers and clients:
For the best experience using RecordPoint, we recommend always using the latest browsers, Microsoft Office clients, and apps. We also recommend that you install software updates when they become available.
RecordPoint leverages MS Entra / Azure AD to authenticate and authorize end-users as well as connect to remote content sources via the Connector framework. MS Entra / Azure AD is a prerequisite for usage of the service. MS Entra / Azure AD manages role assignments that provide end-users access to the RecordPoint portal through MS Entra / Azure AD.
The RecordPoint Platform is hosted entirely within Microsoft Azure and is available on the public Internet. One or more network connections to the public Internet will be required to connect a customer’s network to the Service. All communication with the service is conducted over a TLS-secured connection.
The RecordPoint Platform is available to customers 24 hours per day, 7 days per week, 365 days per year.
From time to time, the service may be impacted by maintenance windows. These windows will be communicated to customers via the change management process in advance and are not SLA-impacting.
The RecordPoint Platform is governed by a service level agreement (SLA) which is specific to you as a customer and forms part of your customer agreement.
The standard service availability, measured by Monthly Uptime Percentage for RecordPoint is 99.9%.
The method of calculation is shown below.
Any period of time when the RecordPoint Platform is unavailable, and the service is not in a maintenance window. Unavailable is defined as an end-user being unable to connect to the RecordPoint portal (see service limitations for details).
No service levels are offered around ingestion latency from remote content sources. However, RecordPoint will endeavor to ensure that records are ingested continuously at a reasonable rate.
The Monthly Uptime Percentage is calculated using the following formula:
(Service Minutes - Downtime Minutes) / (Service Minutes) x 100
Service Credits are your sole and exclusive remedy for any performance or availability issues for any Service under the Agreement and this SLA. You may not unilaterally offset your Applicable Monthly Service Fees for performance or availability issues.
Service Credits apply only to fees paid for the particular Service, Service Resource, or Service tier for which a Service Level has not been met. In cases where Service Levels apply to individual Service Resources or to separate Service tiers, Service Credits apply only to fees paid for the affected Service Resource or Service tier, as applicable. The Service Credits awarded in any billing month for a particular Service or Service Resource will not, under any circumstance, exceed your monthly service fees for that Service or Service Resource, as applicable, in the billing month.
If you purchased Services as part of a suite or other single offer, the Applicable Monthly Service Fees and Service Credit for each Service will be available for the least expensive element of the service as determined by us in our reasonable discretion.
The standard Service Level Agreement and any applicable Service Levels do not apply to any performance or availability issues:
The binary protection feature of RecordPoint is not intended to substitute, in any way, shape, or form, backups of the binaries (i.e., Word, Excel documents) in the content source(s) that are being managed by RecordPoint. The client is responsible for ensuring that appropriate backup & restore capabilities are in place to protect content in the managed content source(s). RecordPoint binary protection supports binaries up to 500 MB in size. Any binary that exceeds this limit will not be protected by RecordPoint.
To obtain our customers’ early feedback and involve them in our Product development process, RecordPoint might make features available in a preview-only mode, which are explicitly excluded from any Service Levels defined in this Service Description.
Preview Features:
RecordPoint has technical and operational controls in place to ensure that customer data is backed up in a secure and redundant manner.
All RecordPoint customer data is backed up at the following frequency:
Backups are stored in a geographically redundant manner, ensuring backups are available even in the event of a data center-level failure.
Backups are encrypted at rest using AES-256-bit encryption.
Backups are retained for up to 7 days.
These technical controls have been implemented to ensure that RecordPoint customers incur minimal data loss in the event of a disaster or service outage.
RecordPoint uses a variety of technical controls as well as a distributed service architecture to maximize service availability.
Using a distributed service architecture, RecordPoint is able to spread processing tasks across clusters of compute nodes, thereby eliminating service availability impacts of individual compute nodes failing.
In addition, the following technical controls are in place to maximize service availability:
RecordPoint tests service continuity and disaster recovery automation and procedures annually to ensure that these align with the RPO and RTO below.
The Recovery Point Objective (RPO) represents the maximum amount of time for which data loss may occur in the event of a service outage.
RecordPoint currently offers an RPO of twelve (12) hours for the RecordPoint Platform.
The Recovery Time Objective (RTO) represents the maximum time before the service becomes operational again after a service outage.
RecordPoint currently offers an RTO of forty-eight (48) hours for the RecordPoint Platform.
The above RTO commitment is not applicable when the underlying base Azure platform is experiencing a complete outage in any of the Azure regions in which RecordPoint is hosted. In such scenarios, the RTO commitment only becomes effective once the impacted Azure region has recovered from the outage. The RecordPoint service has been designed to minimize data loss in the event of a service disruption by ensuring that connectors can track their progress of synchronizing changes from a connected content source in a durable way. This allows connectors to simply resume operation from where they left off prior to a service disruption.
At RecordPoint, we understand that the security and privacy of your data are of utmost importance. As a trusted SaaS provider, we have implemented robust security measures to protect your data and ensure compliance with data protection regulations. RecordPoint has a rigorous set of technical and policy-based controls in place to ensure that customer data is kept secure and confidential.
The following controls are enforced by RecordPoint as part of the operation of the RecordPoint service:
RecordPoint undergoes SOC 2 Type 2 audits to verify that technical and policy controls governing the security, availability and confidentiality of the RecordPoint Platform are operating correctly.
As part of the audit process, RecordPoint is assessed against the following trust service principles:
A 3rd party auditor verifies that these controls and policies pertaining to the trust service principles are operating through a series of on-site interviews, control demonstrations and evidence-based analysis.
The latest SOC 2 Type 2 report can be made available upon request by emailing trust@recordpoint.com
RecordPoint has been assessed by an independent 3rd party assessor accredited under the Australian Federal Government’s IRAP Assessment Program.
The assessment includes a review of both the RecordPoint Platform and RecordPoint as an organization against the requirements of the Australian Government Information Security Manual (ISM) to store PROTECTED classified data.
The latest IRAP Assessment can be made available upon request by emailing trust@recordpoint.com
RecordPoint has been certified against the UK National Cyber Security Centre’s Cyber Essentials standard. The latest Cyber Essentials certificate can be found using the NCSC Certificate search or by emailing trust@recordpoint.com
Maintenance windows enable planned service interruptions so that essential maintenance, repairs, housekeeping or service upgrades can be carried out.
Such windows will be raised and notified through the change management process. Notification and approval will include, but not be confined to, the primary customer contact.
RecordPoint is an evergreen service, and service updates are regularly applied to the RecordPoint Platform. Service updates incur no downtime, and the RecordPoint Platform will remain available for the duration of the update being applied.
In special circumstances, RecordPoint may need to perform more complex service updates where the RecordPoint Platform becomes temporarily unavailable. In such cases, RecordPoint will schedule a maintenance window.
The service provides a fully managed and supported records management service consisting of:
Various systems are in place to ensure that the systems underpinning RecordPoint are properly managed and monitored. These consist of:
The RecordPoint service is monitored 24 hours per day by our Site Reliability Engineering (SRE) team.
Applications, virtual hosts, networks, and storage are continuously monitored to ensure the service operates within desired service levels. Capacity is monitored to ensure that there are adequate compute, storage and networking resources to support the current service utilization plus any anticipated growth in utilization.
We also store anonymous data that allows us to track system trends, user activity, and the technical effects of onboarding new customers and new releases.
Anonymous age data is collected for capacity planning and monitoring purposes.
The following table shows indicative response times to proactively monitored events.
RecordPoint provides support services to RecordPoint customers to ensure that any issues and questions encountered are resolved promptly.
RecordPoint offers a “follow-the-sun” support model in which support tickets are handled by and passed between support desks for increased responsiveness and around-the-clock support.
Upon commencement of the service, customers are onboarded to the RecordPoint support portal, which can be used to log support tickets (service requests) and access the RecordPoint knowledge base.
Support desks are situated in the locations listed below. Each support desk has its own dedicated phone number.
RecordPoint will support the service in conjunction with the service levels defined in the customer agreement document.
The following tables describe the support entitlements included in each RecordPoint plan.
A RecordPoint support engineer will assess new service requests and adjust the priority, if necessary, in line with the priority levels described below.
The following table describes how RecordPoint support assesses the priority of a new service request.
Service request logging is provided via web support portal, email and telephone.
The fastest method to get a response and a Support Engineer working on your problem is using the RecordPoint support portal. Regardless of whether service requests are logged by web, email or telephone, they are managed using the customer support portal and this will be the place where progress on support calls is reported and managed.
The RecordPoint service activation process consists of capturing information in the Service Data Sheet and various forms and documents that outline the service requirements, including production, staging and development service instances, site, and contact details.
Depending on the customer's needs, the RecordPoint offloading process service may incur additional costs charged on a cost recover basis.
The activation process then consists of the following:
The following are pre-requisites to onboarding:
The Migration Plan outlines the phasing of users onto the service, the major technical activities required, such as access planning, security requirements, and a plan for the initial submission of records into the RecordPoint service.
The following services are additional to the standard activation process and require additional scoping and investment.
The service off-boarding process consists of reviewing information in the Service Data Sheet, the various forms and documents that outline the customer’s provisioned services, including production, staging and development service instances, site and contact details.
The service deactivation process then consists of the following:
At RecordPoint, we are committed to upholding the strictest security on information that we retain and ensuring that your information remains protected when our solutions communicate with you or on your behalf.
We have made it our policy to encrypt and secure information that travels between our RecordPoint service and user computers, information that travels between the components of our systems that communicate over the internet and for critical data at rest.
This statement summarizes the use of encryption in the RecordPoint service and related RecordPoint computer and communications systems.
Transport Layer Security (TLS) secures communication transmitted over the Internet using standard encryption technology. Securing communication this way reduces the risk of interception, eavesdropping, and forgery.
In RecordPoint, our TLS usage has the following attributes:
RecordPoint applies encryption at the following layers:
Transparent Data Encryption is applied to our Azure SQL(Postgres) clusters and instances to ensure that data stored is secure. All data stored by the service is secured via the Azure Storage Service through 256bit AES encryption that is always on, cannot be turned off, and is FIPS 140-2compliant. Azure SQL for Postgres inherit network security and compliance from Microsoft Azure and provide a managed layered security model with DDoS protection, a secure gateway, SSL encrypted network traffic, native firewalls, native authentication, and finally all data is automatically encrypted by the service. This primarily protects against a scenario where the physical media(such as drives or backup tapes) are stolen and a malicious party is able to restore or attach the database and browse the data.
Backup Encryption is applied to all Azure SQL (Postgres) backups which are encrypted using AES 256-bit encryption. Backups are automatically managed by Azure.
Ciphers in use meet or exceed the set defined as “AES-compatible” or “partially AES-compatible” according to the IETF/IRTF Cipher Catalog or the set defined for use in the United States National Institute of Standards and Technology (NIST) publication FIPS 140-2, or any superseding documents according to the date of implementation.
Signature algorithm used is typically RSA with 2048 key length, PKCS#7.
Last updated: August 3, 2023