INFRA-14 – Fault Tolerance

Estimated reading: 2 minutes 1199 views

What is INFRA-14 – Fault Tolerance Control?

The INFRA-14 – Fault Tolerance Control, is for confirming your organization’s ability to continue to operate despite failures or malfunctions. The focus of this control is your production environment and critical storage systems.

Fault tolerance can include:

  • Failover and high availability prevent requests from being sent to non-operable servers. Requires effective failure detection.
  • Balancing Load
  • Reducing Overload of Individual Nodes: This is a very important effect of good load balancing, but not a necessary outcome. For example, strict round-robin balancing can result in requests being sent to an overloaded system.

There is no requirement for the method or type used. Some organizations can have a high-availability or redundancy mechanism in place instead. You have the freedom to edit the TrustCloud control to be specific about your methodology.

As long as your organization has a mechanism to continue to function as usual despite failures, this control is met.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Azure load balancer
AWS Elastic Load Balancing
GCP load balancing

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A for this section

Control implementation

To implement this control,  

You need to define your strategy for fault tolerance, like focusing on redundancy, high availability, or fault tolerance.

  1. Redundancy: Two servers with duplicate or mirrored data
  2. High Availability: Servers have maximum uptime by removing all single points of failure.
  3. Fault tolerance: limited functionality in the event of a failure

Once your strategy is identified, purchase the necessary tools to implement it. If you are using the cloud provider option, there are many guides on the configuration.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Screenshot of the failover, redundancy, or high-availability configuration

Evidence example

For the suggested action, an example is provided below:

  1. Screenshot of the failover, redundancy, or high-availability configuration
    The following screenshot is an example of AWS. In your unique environment, take a screenshot showing the enabled configuration of some type of fault tolerance mechanism.
    INFRA 14 Fault Tolerance 01

Join the conversation

