Business Continuity and Disaster Recovery

Business Continuity

  • Sumday has a business continuity plan (BCP) in place for vendor and service outages that could affect its business operations.
  • This plan sets out the key resources we need to ensure that business may continue (in a limited capacity if unavoidable) and contingency plans in the event of a disaster.
  • The foundation of Sumday's operations is primarily hosted on cloud services. This design ensures that most of our core functions remain operational even if our staff cannot access the office. With a secure internet connection and a laptop, our team can perform their essential job functions, ensuring our business remains operational.
  • Sumday's management reviews the Business Continuity Plan annually to ensure its relevance and effectiveness. After any rehearsal of the BCP, a retrospective session is held to extract lessons learned and identify any playbooks that need creation or modification.

Incident Response Plan

Sumday has a documented incident response plan (IRP) that sets out the procedures to be followed in response to information security incidents.

This IRP is rehearsed at least once a year and includes:

  • Escalation procedures
  • Incident severity identification and classification
  • Roles, responsibilities, and communication strategies in the event of a compromise
  • Containment and remediation strategies
  • Communication protocols
  • A retrospective to determine the root cause so we can make improvements to the IRP and any other system or process required

Disaster Recovery Plan

Sumday has a detailed disaster recovery plan (DRP) designed to manage and restore services in the event of significant disruptions. We perform periodic disaster recovery scenarios and run post-mortems after each simulation to see if any areas need updating or improving. Sumday has a Recovery Point Objective of 12 hours and a Recovery Time Objective of 24 hours.

  • Critical Systems: Systems essential for our functioning, such as application servers, background workers, and database servers. These systems are prioritized for immediate restoration if compromised.
  • Non-Critical Systems: Systems like analytics, monitoring, and logging that, while important, do not inhibit critical systems from functioning. These have a lower priority.
 