Disaster Recovery Plan (DRP)
1. Introduction
This Disaster Recovery Plan (DRP) captures, in a single repository, all of the information that describes the steps that CLIDE S.A should take in order to recover from a disaster.
2. Purpose
The purpose of this plan is to identify disasters as quickly as possible in order to minimise impact on the
company and its customers, and to restore core operations as soon as possible, according to the RTO.
Accordingly, the plan’s goals include:
-
Limiting the extent of disruption and damage.
-
Minimising the economic impact of the interruption.
-
Establishing alternative means of operation in advance.
-
Training personnel regarding emergency procedures.
-
Providing smooth and rapid restoration of service.
3. Scope
The scope of this plan is CLIDE Analyser's IT operations that affect customer experience and information.
Non-production services, personnel, HR and real estate disasters are out of scope of this plan. For other disasters recovery plans please refer to CLIDE Analyser's Business Continuity Plan (provide a link).
A national disaster such as nuclear war is beyond the scope of this plan.
4. Assumptions
-
Key people (team leaders or alternates) will be available following a disaster.
-
This document and all vital records are stored in a secure off-site location and not only survive the disaster but are accessible immediately following the disaster.
-
The company will have one general plan consisting of unique recovery procedures, critical resource information and procedures.
5. Disaster definition
A disaster in this plan is an incident of lack of availability (either full or partial) of the CLIDE Analyser's production environment that affects the customers’ ability to use the service.
6. Recovery teams
-
Event Manager
-
Disaster recovery team (DRT)
7. Team member responsibilities
-
Each team member will designate an alternate.
-
All of the members and their alternates should keep an updated calling list of their work team members’ main and secondary phone numbers (e.g. home number, spouse’s number).
-
All team members should keep this plan for reference at home in case the disaster happens after normal work hours.
-
All team members should familiarise themselves with the contents of this plan
8. Disaster declaration
The event manager, with input from the DRT, is responsible for declaring a disaster and activating the various recovery teams as outlined in this plan. The following events will be declared as a disaster:
-
The service is not available for at least 10%
A major functionality in the system doesn’t work
A disaster will be declared if the situation is not likely to be resolved within predefined time frames. The person who is authorised to declare a disaster should also have at least one backup person who is also authorised to declare a disaster in the event the primary person is unavailable.
9. Invoking the plan
This plan becomes effective when a disaster occurs. Problem management procedures will be initiated and remain in effect until normal operation is declared.
10. Recovery Time Objective (RTO)
In a case of disaster the company Recovery Time Objective (RTO) is 24 hours.
11. Recovery Point Objective (RPO)
In a case of disaster the company Recovery Point Objective (RPO) is 12 hours.
12. External communications
CLIDE S.A public relations (PR) personnel are designated as the principal contacts with the customers, media, and other external organisations. CLIDE Analyser's legal department are designated as the principal contact with legal authorities.
13. Communicating with Vendors
The DRT will be responsible for contacting the relevant vendor as soon as the disaster is declared.
14. Crucial Vendors - contact details
The list is available for CLIDE Analyser’s employees
15. Data and Backups
CLIDE S. A and AWS backup services are responsible for managing and performing backup tasks on various types of service-related data retained within the production environment to enable availability and redundancy of data. Databases are redundant within the production environment. monday.com application database and critical portions of the application file system are backed up daily. 25 Days of backup data is kept. The access to the backup is restricted to authorised individuals.
16. DR Security Assessment
In the specific case of security breach of CLIDE Analyser’s network systems, a security breach assessment will be performed by CLIDE Analyser’s CISO (please refer to appendix B) to assess the parts of the system being affected.
17. Plan review and maintenance
This plan must be reviewed biannually and exercised on an annual basis. The test may be in the form of a walk-through, mock disaster, or component testing. Additionally, with the dynamic environment present within monday.com, it is important to regularly review the listing of personnel and phone numbers contained within the plan. Electronic versions of the plan will be available via CLIDE Analyser network resources as provided by IT.
18. Provide status to Event Manager
DRT should contact the Event Manager and provide the following information when any of the following conditions exist: (See Appendix B for contact list)
-
Any problem at any system or location that would cause any of the conditions listed above in section 9, to be present, or if there is an indication that the above condition is likely to occur. The DRT will provide the following information: Type of disaster , summary of the damage (e.g., minimal, heavy, total destruction)
-
The DRT will contact the head of Customer Success and report if a disaster has taken place.
19. Decide on the course of action
Based on the information obtained by the DRT, the Event Manager needs to decide how to respond to the event.
20. Inform team members of decision
If a disaster is not declared, the team will continue to address and manage the situation and provide periodic status updates to the CISO. If a disaster is declared, the Event Manager will decide on the next steps, while the DRT will continue to work to solve the disaster.
Appendix A: CLIDE S.A recovery teams
1. Event Manager
1.1. Charter Responsible for managing all the actions taken during an incident handling process.
1.2. Member CISO. Alternate - Infra team lead.
1.3. Support activities
-
Coordinate all actions taken during the incident.
-
Document all findings and all actions taken.
-
Operates communication channels with other departments (R&D, Legal, PR).
-
Evaluate damage assessment findings.
-
Set recovery priority based on the assessment reports.
-
Provide senior management with ongoing status information.
2. Disaster Recovery Team (DRT)
Note: See Appendix B for contact list.
2.1. Charter
Responsible for executing all disaster recovery effort.
2.2. Members Infrastructure Engineer
-
R&D Architect
-
R&D Security Champion
-
R&D Team Lead
-
Production Engineer
-
Head of Communications
-
Legal department representative
2.3. Support activities
-
Coordinate with Event manager.
-
Determine recovery needs
-
Establish command centre and assembly areas
-
Notify all company department heads and advise them to activate their plan(s) if applicable, based upon the disaster situation
-
If no disaster is declared, take appropriate action to return to normal operations using regular staff
-
Determine if vendors or other teams are needed to assist
-
Prepare post-disaster debriefing report
-
Coordinate the development of site-specific recovery plans and ensure they are updated semi-annually
Appendix B: Contact List
Appendix C: DRP Flow