Infrastructure Security Policy

1. Introduction

PagerTree is committed to ensuring the confidentiality, integrity, and availability of the systems and infrastructure that support our platform. This Infrastructure Security Policy outlines the controls and safeguards PagerTree uses to protect production environments, cloud resources, and supporting systems from unauthorized access, misuse, or disruption.

2. Scope

This policy applies to:

  • All cloud infrastructure, servers, containers, networks, and supporting services used to operate PagerTree systems
  • All employees, contractors, and approved third parties with access to production environments
  • All infrastructure-as-code, deployment pipelines, configuration management, and operational tooling

This policy does not cover end-user devices or endpoint security, which are addressed in separate policies.


3. Cloud Infrastructure Security

3.1 Hosting Environment

PagerTree hosts its primary infrastructure in regions provided by Fly.io. These environments include:

  • Secure physical data centers with restricted access
  • Redundant networking and compute resources
  • Environmental protections for power, cooling, and fire prevention
  • Compliance with industry standards such as SOC 2 Type I

3.2 Network Controls

PagerTree employs multiple layers of network protection:

  • Firewall rules and security groups restricting inbound and outbound traffic
  • Enforced TLS for all communication paths
  • Segmentation of environments (production, staging, development)
  • Use of private networking where supported by cloud providers
  • Denial of direct public access unless explicitly required

3.3 System Hardening

All infrastructure components—including virtual machines, containers, and supporting systems—are hardened using:

  • Minimal-privilege configurations
  • Latest stable OS distributions
  • Removal of unnecessary services and packages
  • Secure baseline images and reproducible build processes
  • Regular security patching and updates

4. Access Control & Authentication

4.1 Least Privilege

Access to infrastructure is granted only to authorized individuals who require it to perform their job responsibilities.

4.2 Authentication Requirements

  • Multi-factor authentication (MFA) is required for all administrative access
  • Use of secure protocols (e.g., SSH with strong keys, SSO-enabled consoles)
  • No shared administrative accounts
  • Role-based access enforced across all systems

4.3 Logging Access

Infrastructure access activity is logged and monitored, including:

  • SSH sessions
  • Console logins
  • API and administrative actions
  • Privilege elevation events

5. Configuration & Change Management

5.1 Infrastructure-as-Code (IaC)

PagerTree manages infrastructure through IaC principles when technically feasible, ensuring:

  • Version-controlled configurations
  • Peer review of infrastructure changes
  • Reproducible deployments

5.2 Controlled Changes

Changes to production systems follow formal procedures:

  • Documentation of intended modifications
  • Review and approval prior to deployment
  • Testing in non-production environments
  • Logging and auditability of each change

6. Monitoring & Alerting

PagerTree continuously monitors its infrastructure to detect anomalies or security issues. Monitoring includes:

  • System resource utilization
  • Network traffic patterns
  • Application health indicators
  • Security events and suspicious behavior
  • Failed login attempts and privilege escalations

Alerting systems notify the PagerTree team of abnormal conditions, allowing rapid response.


7. Data Protection

7.1 Encryption in Transit & At Rest

  • All data transmitted between clients and PagerTree services is encrypted using TLS
  • Data stored within production databases, storage services, and backups is encrypted at rest

7.2 Backup Controls

  • Encrypted backups stored in geographically diverse regions
  • Regular validation of backup integrity
  • Rolling backup retention in accordance with PagerTree’s Data Retention Policy

8. Resilience & Redundancy

PagerTree infrastructure is designed with resilience in mind, including:

  • Redundant compute nodes
  • Multi-zone or multi-region capabilities where supported
  • Automated failover and recovery mechanisms
  • Use of stateless application patterns where possible

These resiliency controls reduce downtime and improve availability.


9. Third-Party Dependencies

PagerTree evaluates third-party cloud services and infrastructure providers based on:

  • Security practices and certifications
  • Reliability and uptime performance
  • Risk assessments and vendor reviews
  • Compliance requirements

Vendors must meet PagerTree’s minimum security standards before adoption.


10. Enforcement

Failure to comply with this policy may result in:

  • Revocation of infrastructure access
  • Disciplinary action for employees or contractors
  • Termination of third-party access or contracts

11. Review and Maintenance

This Infrastructure Security Policy is reviewed at least annually or upon significant changes to PagerTree’s infrastructure, cloud environment, or security requirements. Updates require approval from PagerTree Executive Management.