Scope and purpose:
- These standards apply to all employees involved in the maintenance and optimisation of the ratemyservice.co.ke platform, including system design, specifications development, and system implementation.
- These standards govern how we build and maintain our platform in an optimal, secure and controlled manner and according to industry best practices.
- The standards ensure resources are accessible when needed by authorised users and are protected against disruptions or outages.

Backup and Recovery
- Ensure automated platform backups are undertaken.
- Test backup rollbacks quarterly to verify data integrity.

System Resilience
- Use AWS and Cloudflare infrastructure security tools, including Bot, DoS (denial-of-service) and DDoS protection, for robust security.
- Implement Web Application Firewalls (WAF) on web servers, configured to block unauthorised access on specified ports.
- Deploy caching and queue management to optimise system performance and reduce server load, ensuring data and services are accessible without delays.
- Ensure all EC2 instances have termination protection enabled.
- Ensure all RDS databases have deletion protection turned on.

Rate Limiting and Abuse Prevention
- Implement rate limiting and request throttling on API endpoints and critical routes to prevent abuse and DoS attacks.
- Apply rate limiting when consuming third-party APIs to mitigate misuse.