Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
title slug policy faq weight
BCP/DR policy
bcp-dr
true
false
6

Context

Tailscale’s customers are dependent on our services operating as normal. Proper planning, monitoring, and recovery steps are critical to address incidents that may impact the integrity or availability of services and data is critical to the operation of Tailscale. Business Continuity and Disaster Recovery is a set of processes and techniques used to help an organization recover from a disaster and resume routine business operations.

Scope

The following minimum standards apply to Tailscale’s assets as managed by employees, contractors and vendors. These include but are not limited to: cloud service providers, cloud regions, major components within cloud regions, key vendors (those included in our vendor assessment, and key open-source components.

Schedule

Tailscale reviews its backups, and any BCP/DR plans annually with a walkthrough exercise. Tailscale tests its ability to restore production data at least annually.

Backups

Tailscale regularly reviews backups and service redundancy to ensure they can be used in the event of an outage. The Security Review Team:

  • Ensures backups for key services are in place
  • Tests backups and restore procedures
  • Reviews proposed and existing architecture plans for resiliency
  • Implements monitoring tools to detect potential continuity issues for key services

Outage detection

An incident could be detected internally by monitoring tools, by an employee in their course of work, or reported by a third party including customers.

Outage response and remediation

If a suspected outage or other business continuity incident is detected, it should be responded to following the Incident response process.