Purpose and Scope
The purpose of this policy is to define Helpwise’s procedures to recover Information Technology (IT) infrastructure and IT services within set deadlines in the case of a disaster or other disruptive incident. The objective of this plan is to complete the recovery of IT infrastructure and IT services within a set Recovery Time Objective (RTO).
This policy includes all resources and processes necessary for service and data recovery, and covers all information security aspects of business continuity management.
This policy applies to all management, employees and suppliers that are involved in the recovery of IT infrastructure and services within Helpwise. This policy must be made readily available to all whom it applies to.
This policy defines the overall disaster recovery strategy for Helpwise. The strategy describes Helpwise’s Recovery Time Objective (RTO), which is defined as the duration of time and service level for critical business processes to be restored after a disaster or other disruptive event, as well as the procedures, responsibility and technical guidance required to meet the RTO. This policy also lists the contact information for personnel and service providers that may be needed during a disaster recovery event.
The following conditions must be met for this plan to be viable:
- All equipment, software and data (or their backups/failovers) are available in some manner.
- The Information Security Officer is responsible for coordinating and conducting a bi-annual (at least) rehearsal of this continuity plan.
This plan does not cover the following types of incidents:
- Incidents that affect customers or partners but have no effect on Helpwise’s systems; in this case, the customer must employ their own continuity processes to make sure that they can continue to interact with Helpwise and its systems.
- Incidents that affect cloud infrastructure suppliers at the core infrastructure level, including but not limited to Amazon Web Services. Helpwise depends on such suppliers to employ their own continuity processes.
The following services and technologies are considered to be critical for business operations, and must immediately be restored (in priority order):
- Helpwise’s main webapp
- Helpwise user APPI
- Helpwise.js CDN
- Helpwise end user API
- Helpwise REST API
- Helpwise webhook delivery
Helpwise’s Recovery Time Objective (RTO) is 1 hour. Restoration of critical services and technologies must be completed within this time period.
Notification of Plan Initiation
The following personnel must be notified when this plan is initiated:
- Gaurav Sharma (CEO)
- This plan must only be deactivated by Gaurav Sharma (CEO)
- In order for this plan to be deactivated, all critical service as detailed above must be fully restored. If Helpwise is still operating in an impaired scenario, the plan may still be kept active at the discretion of Gaurav Sharma (CEO).
- The following personnel must be notified when this plan is deactivated:
- Gaurav Sharma (CEO)
Helpwise must endeavor to restore its normal level of business operations as soon as possible.
- A list of relevant points of contact both internal and external to Helpwise is enclosed in Appendix A
- During a crisis, it is vital for certain recovery tasks to be performed right away. The following actions are pre-authorized in the event of a disaster recovery event:
- CTO/Software Engineers must take all steps specified in this disaster recovery plan in order to recover Helpwise’s information technology infrastructure and services.
- CEO/CTO is authorized to make urgent purchases of equipment and services up to \$10,000.
- CEO/CPO is authorized to communicate with clients.
- CEO/CPO is authorized to communicate with the public.
- CEO/CPO is authorized to communicate with public authorities such as state and local governments and law enforcement.
- CEO/CTO is authorized to cooperate with Amazon Web Services.
Appendix A: Relevant Points of Contact
Last updated: 2nd November 2021