9. Operational Assurance & High Availability

Estimated reading: 2 minutes

The R3 Hybrid Architecture provides high availability and operational continuity while maintaining strict separation between metadata in the Execution Plane and documents in the customer’s Microsoft 365 tenant. Because R3 never stores document content, operational assurance applies only to the metadata-only Execution Plane and does not affect the customer’s CUI boundary.

 

9.1 Execution Plane Infrastructure (R3 GovCloud Workplace)

The Execution Plane runs in AWS GovCloud (US), providing a hardened and resilient environment for metadata processing. Key attributes include:

  • Multiple Availability Zones
  • Encrypted metadata storage (FIPS-validated modules)
  • Automated monitoring and failover
  • High-durability storage for metadata repositories
  • US-Persons-only support operations

These capabilities support reliable workflow execution without involving customer documents.

 

9.2 R3 Operational Reliability Controls

R3 operates the Execution Plane under a reliability model focused on continuity of metadata operations:

  • High Availability: multi-AZ deployment, redundant application nodes, autoscaling
  • Metadata Durability: replicated storage, write-ahead logging, automated recovery
  • Support Access: US-Persons R3 personnel with access limited to R3 systems only

These controls ensure stable operation while maintaining a strict separation from the customer’s document content.

 

9.3 Backup & Disaster Recovery (Execution Plane)

Backups apply only to structured metadata stored in the Execution Plane:

  • Full backups monthly
  • Differential backups daily
  • Transaction log backups hourly

All backup data is encrypted and retained within AWS GovCloud across multiple Availability Zones.

RTO (Recovery Time Objective): 72 hours
RPO (Recovery Point Objective): ≤ 1 hour

No customer documents are included in any R3 backup.

 

9.4 Document Plane Continuity (Customer M365 Tenant)

Continuity for documents—including all CUI—is fully governed by the customer’s Microsoft 365 tenant. Microsoft provides:

  • Multi-copy content redundancy
  • Built-in versioning and retention
  • Native ransomware recovery
  • Regional service failover

R3 has no operational responsibility for document storage, protection, or recovery because all documents reside exclusively in the customer’s tenant.

 

9.5 No Customer Documents in R3 Systems

R3 systems never store or retain customer documents. ZeroDrift ensures all documents are placed directly into Microsoft 365, where they remain under customer governance.

AI extraction uses transient access to FCI files only when invoked by a user and never stores or retains document content. CUI-labeled files are not accepted for AI extraction.

This maintains a clear boundary:

  • CUI remains entirely in Microsoft 365
  • R3 processes metadata only
  • Execution Plane continuity does not affect CUI or document content
9. Operational Assurance & High Availability - Previous 8. Shared Responsibility Model (SRM) Next - 9. Operational Assurance & High Availability 10. Customer Control Narrative