Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices regarding data center location, business operations, facility characteristics, software controls, risk mitigation, and more can be instrumental in preventing unexpected events from affecting customers of the A360 Managed Services.
The following practices help to maintain secure and dependable operation of the A360 Managed Services.
Autodesk selects the most reputable data center providers to host the production systems for A360 Managed Services. Each data center furnishes 24/7 security staffing and formalized security access procedures. Advanced technologies provide physical and electronic barriers that help to control access.
Experienced security firms conduct semiannual independent security reviews on the service environment of the A360 Managed Services.
Each data center that hosts the A360 Managed Services includes redundant systems to manage its environment, hardware, and network connectivity. Multiple levels of protection help to mitigate the risk of downtime.
Data centers for the A360 Managed Services are located in both the eastern and western United States. Geographically dispersed data centers provide fault separation and improve system performance. Autodesk maintains at least one, identical, geographically dispersed standby data center for A360 Managed Services in case of a total outage at the primary data center.
Companies outside the United States sometimes have questions about the U.S. Patriot Act and its effect on data privacy and law enforcement for them. In response, the U.S. government addressed common misunderstandings in Five Myths Regarding Privacy and Law Enforcement Access to Personal Information in the European Union and the United States.
The Autodesk Security Operations team segregates A360 Managed Services networks from all other corporate networks. The team regularly scans all Internet-facing service endpoint IP addresses used by the A360 Managed Services for vulnerabilities (these scans do not include customer instances).
Autodesk strictly enforces information security procedures related to staff communications involving the Internet, files, email, and more to further protect privileged customer information related to the A360 Managed Services.
Autodesk protects customer data within the A360 Managed Services by using a multitenancy model to provide an additional layer of separation at the application level. This model uses a single instance of a software application to serve multiple customers, or tenants. For further protection, tenants cannot customize the application's underlying code.
The Autodesk Security Operations team works with independent external security experts to regularly perform extensive security scans and assessments of the applications that make up the A360 Managed Services
Autodesk uses automated monitoring tools to oversee the proper operation of A360 Managed Services components. Reliable monitoring tools help us to respond to incidents before they affect customers.
Autodesk Security Operations employs an incident management process to quickly respond to events that adversely affect the A360 Managed Services. If you believe such an event has occurred, members of the A360 Operations team are available 24/7 to respond. We treat events that directly impact customers with the highest priority. To report an incident, contact us at email@example.com.
The Autodesk Security Operations team conducts semiannual security policy audits.
In addition, we may update our security policy periodically during the year as needed. For example, we review and implement new policy solutions from respected trade groups as appropriate. If we discover a procedural vulnerability, security policy updates may be implemented promptly.
Customers own the data that they place in the A360 Managed Services. At any time during the use of these services, you can export your data. If you decide to stop using the services, you have 30 days to export your data. Refer to the Autodesk Terms of Service for details.