Internal Documentation

Business Continuity and Disaster Recovery Plan

Introduction

This Business Continuity and Disaster Recovery Plan outlines the procedures and processes to be followed in the event of a disaster or significant business disruption. The plan aims to ensure the continuity of critical business functions and the timely recovery of operations.

Scope

This plan covers all critical business functions and systems of our organization, with a focus on maintaining service to our customers and protecting our data and assets.

Objectives

  1. Ensure the safety and well-being of all employees
  2. Minimize disruption to critical business operations
  3. Protect and recover critical data and systems
  4. Maintain communication with employees, customers, and stakeholders
  5. Comply with SOC 2 and any other relevant regulatory requirements

Critical Business Functions and Systems

  1. Production application hosted on Fly
  2. Customer data stored in databases on Fly
  3. Building knowledgebase data stored in databases on Fly
  4. Code repository on GitHub
  5. Internal communication systems (Slack)
  6. Customer communication channels (Email)

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

  1. RTO: 24 hours
  2. RPO: Full availability of the application and all customer data

Emergency Response Team

Primary and backups are identified for each of these roles:

  1. Incident Commander: Francois Huet, Bomee Jung
  2. Technical Lead: Francois Huet, Chuck Lin
  3. Internal Communications Lead: Francois Huet, Jason Block
  4. Business Continuity Manager: Bomee Jung, Jason Block
  5. Security Lead: Reuben Firmin, Francois Huet

Disaster Recovery Procedures

Incident Declaration

  1. Any employee who becomes aware of a potential disaster or significant disruption should immediately notify their supervisor or a member of the Emergency Response Team.
  2. The Incident Commander will assess the situation and declare a disaster if necessary.
  3. The Emergency Response Team will be activated and convened (virtually).

Communication

  1. The Communications Lead will initiate the emergency communication plan.
  2. Employees will be notified via Slack if during business hours, or by Phone/SMS if outside of business hours hours and urgent communication is necessary.
  3. Customers will be notified via email by the Business Continuity Manager if there is any impact on services.
  4. Regular updates will be provided to all stakeholders throughout the recovery process.

System Recovery

  1. The Technical Lead will assess the extent of the disruption to systems.
  2. If necessary, the production application will be redeployed from GitHub to Fly.
  3. Database snapshots will be restored from Fly backups.
  4. All systems will be tested to ensure proper functionality before being brought back online.

Testing and Maintenance

  1. This plan will be tested annually through a simulated disaster recovery exercise.
  2. The plan will be reviewed and updated quarterly or after any significant changes to the business or IT infrastructure.
  3. All members of the Emergency Response Team will receive annual training on their roles and responsibilities.

Plan Activation and Deactivation

  1. This plan can be activated by the Incident Commander or CEO.
  2. The plan will be deactivated when all critical systems are restored and normal business operations resume.
  3. Post-incident review will be conducted within one week of plan deactivation to identify lessons learned and areas for improvement.

Appendices

Appendix A: Emergency Contact List

First Name Last Name Phone Number
Jason Block (609) 519-5377
David Brandt (734) 904-7394
Luke Floden (502) 498-7818
Francois Huet (831) 239-8570
Katherine Jones (734) 717-9859
Bomee Jung (917) 446-2049
Ninad Kashyap (701) 404-3860
Maksym Khrystunov +380 63 640 7452
Charles Lin (646) 201-8770
Jeffry Luna +63 917 294 0204
Martine Lunis (410) 588-7803
Robin Neri (203) 273-9152
Jeremy Parker (617) 642-8092
Erika Parkins (917) 213-9048
Naina Shah (646) 961-8743
Sara Vasilovski +389 75 804255
Marc Zuluaga (917) 575-6337

Appendix B: Vendor Contact Information

Appendix C: Recovery Checklist

  1. Declare the incident
  2. Activate the Emergency Response Team
  3. Initiate emergency communications
  4. Assess damage to systems and data
  5. Begin system recovery procedures
  6. Restore data from backups
  7. Test recovered systems
  8. Notify stakeholders of recovery status
  9. Resume normal operations
  10. Conduct post-incident review

Visibility

This document is confidential and is a proprietary work product of Cadence OneFive. The information contained herein may not be copied or distributed without the specific written consent of Cadence OneFive.