Business Continuity and Disaster Recovery Policy
Discover Roboto Studio's approach to Business Continuity and Disaster Recovery. Learn how we prepare for and respond to unforeseen events.
1.0 Purpose
This document defines Roboto Studio’s policy directive on business continuity activities, including business continuity and disaster recovery planning for all the critical business processes and service activities undertaken by Roboto Studio for its business/customers in order to:
- Effectively manage any incident that may cause a business disruption to Roboto Studio.
- Provide continuity of critical business processes and services managed by Roboto Studio.
- Minimize the potential impact that any business disruption would have on Roboto Studio and its reputation.
2.0 Scope
- This policy applies to all people, processes and systems of Roboto Studio required to maintain normal business operations and recover from disruptions.
3.0 Definitions
Business Impact Analysis (BIA) predicts the consequences of disrupting a business function and process and gathers information needed to develop recovery strategies.Business Continuity Plan (BCP) is concerned with keeping business operations running, perhaps in another location, or using alternative tools and processes following a disruption.Disaster Recovery Plan (DRP) is concerned with restoring normal business operations after a disaster.
4.0 Policy
- All internal departments, processes or any independent client business elements that are considered critical and whose extended loss would have a significant impact on Roboto Studio shall have a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) for its operations within an agreed strategy.Roboto Studio management shall regularly assess the impact of potential disasters on business operations as part of the periodic BIA exercise.
- Management shall designate respective department heads responsible for maintaining a minimum acceptable standard of service in disaster situations. In addition, all management personnel and employees shall be made aware of the BCPs and DRPs and their roles and responsibilities in achieving the defined continuity and recovery objectives.
- The BCPs and DRPs shall be tested and reviewed at regular intervals to ensure they remain relevant.
- Contracts with third-party suppliers that provide critical services to Roboto Studio shall include:
- Communication and understanding of the relevant plans for the respective supplier’s role.
- Adequate contingency or recovery strategies over the lifecycle of the product and service.
4.1 Roles and Responsibilities
- The organization shall ensure that roles and responsibilities have been assigned for:
- Providing guidance and oversight for the management of business continuity and disaster recovery activities as well as improvements.
- Managing all areas of the BIA, BCP and DRP and understanding the business.
- Updating management on BCP and DRP readiness.
- Managing and improving BCP testing exercises by monitoring schedules, reviewingassessment results and maintaining records.
- Training and educating the relevant individuals with necessary information on theorganization’s policies and procedures on business continuity and disaster activities.
- Coordinating and managing the BCP and DRP, including communication to relevantstakeholders in an actual or potential disaster.
4.2 Business Impact Analysis
- Roboto Studio shall define a formal process to determine the criticality of a given process and the impact on Roboto Studio’s business if they are not operational in case of a disaster, which may be an internal or external event. The output of this activity should be used to determine business continuity priorities and requirements. At a minimum, the following should be considered in the BIA exercise:
- Maximum tolerable business downtime
- Operational disruption and productivity
- Financial consideration
- Regulatory requirements
- Contractual obligations
- Organizational reputation
4.3 Business Continuity Planning
Business continuity planning shall be documented and approved by management for processes (as applicable) that are identified as critical in the BIA on at least an annual basis.
The BCP shall include the activities to be performed in various scenarios in case of an incident or disaster due to internal or external events. The BCP shall consist of activities to be followed to protect personnel and assets following a disaster and resume services quickly. A BCP involves the following:
- Strategies to ensure the safety of personnel
- Analysis of potential threats
- Alternate strategies to continue business operations, particularly the essentialmissions and business functions in a defined time frame
- A list of the primary tasks required to continue the operations along with assignedroles, responsibilities and individuals with contact information (recovery team)
- Easy to locate the management contact information
- Explanation of where personnel should go if there is a disastrous event
- Information on data backups and organization site backup
- Communication strategies
- Buy-in from everyone in the organization
- Recovery objectives, restoration priorities and metrics
4.4 Disaster Recovery Planning
Roboto Studio shall develop and establish a Disaster Recovery Plan (DRP) that addresses the step-by-step process of recovering and reinstating the business operations to a pre-disaster state, including assessing the damage, estimating recovery costs, working with insurance companies, and monitoring the progress of the recovery process.
A dedicated disaster recovery functional team shall be established to manage and implement the DRP.
4.5 Exercising or Testing
Roboto Studio performs regular database restores to ensure database backup validity and periodically tests application server backups to ensure we can recover from an application server failure.Periodic tests shall be performed by designated personnel authorized by Roboto Studio’s management to test the execution of business continuity and disaster recovery plans. When possible, the testing involves collaboration with critical third parties to ensure vendor- dependent services and/or system(s) can be recovered to meet Roboto Studio’s Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
The test results shall indicate whether the test was successful or requires corrective actions. In addition, Roboto Studio’s BCP and DRPs shall be updated based on the outcome of the tests performed and lessons learned.
Version History
A list of all the versions including their version, author, date and comments.
Version | Author | Date | Comments |
---|---|---|---|
0.1 | Joe Pindar (Fresh Security) | 2022-05-16 | First Draft |
1.0 | Joe Pindar (Fresh Security) | 2022-06-01 | Sign off |
1.1 | Joe Pindar (Fresh Security) | 2023-10-01 | Add policy review schedule. Review for best practice alignment. |