Solutions
Planning for failure: Contingency Planning.
BC/DR
Business Continuity & Disaster Recovery (BC/DR) planning is integral to our approach to mitigating and managing risk and responding to incidents, and an on-going responsibility of our organization, to both our employees and our customers.
We recognize that unforeseen events do happen and can exceed our company’s capacity for business-as-usual structures and processes. Through the adoption of Business Continuity planning, we’re committed to ensuring essential services and functions are maintained in the wake of service interruptions and critical events, and that the impacts of such events on company staff and stakeholders are minimized.
An effective Business Continuity strategy minimizes both the short and long-term negative effects of an event or disaster on an organization: safeguarding its critical functions and the associated expectations of customers and key stakeholders, while assisting the organization in meeting compliance obligations and protecting its reputation. Request access to our full BC/DR policy and plan below.
Availability
Availability
We implement redundant systems to ensure reliability and availability of web services and data. Data availability is ensured via two methods: Azure Active Geo-Replication and Azure Auto-Failover Groups. Together these techniques ensure no data is lost in the case of a disaster or outage in the Primary location of each region.
Backup
Backup
Our infrastructure includes three options for backup and restoration: Active Geo-Replication to Secondary location, Geo-Restore, and Point-In-Time Restore. Outside of MS Azure, we use two other tools for cloud and cold storage backup.
Detective Measures
Detective Measures
Our Azure environment alerts us to significant events such as CPU usage or unresponsive servers, with these configured according to best practice. We also implement an internally created program that conducts high level checks from the outside, ensuring every base is covered.
Infrastructure
Admin By Request parent company, FastTrack Software, uses Microsoft Azure’s IaaS (Infrastructure-as-a-Service) model to provision all infrastructure fundamental to delivering our cloud service, which includes servers, storage, databases, and networking resources.
Measures in Place for
Risk Mitigation
The saying, ‘the greater the risk, the greater the reward’ doesn’t apply to the world of cybersecurity. Minimizing risk is the first order of business in BC/DR, and we have in place processes and policies to ensure risk is minimized for ourselves and our customers from the outset.
People
Requirements are enforced for all remote employees, including use of Multi-Factor Authentication (MFA), Virtual Private Networks (VPNs), and encrypted hard drives. Operating systems must be kept up to date and patched installed immediately. for our customers, we provide a detailed Contingency Plan stipulating what they can do to minimize risk of data lose the case of software outages.
Processes
We take regular cloud and cold storage backups of customer databases and source code to minimize risk of losing data during an incident. Rigorous and ongoing security testing and vulnerability scans of software and files are conducted after release to minimize likelihood of exploitation.
External Suppliers
Our contracts with suppliers of services critical to our own Admin By Request service include a requirement of assurance, along with evidence, that comprehensive Business Continuity and Disaster Recovery measures are in place within that supplier’s organization.
During an incident
Customer Communications
We strive for transparency with our customers and stakeholders, and that translates to fast, clear, and honest communication with the relevant parties during an unforseen event affecting our servcies.
What is Communicated
The initial assessment of the impact of the incident and an estimated forecast of the time it will take to recover will be provided to the relevant people, including what has gone wrong, what or who is affected, what they can do in the meantime, what we're doing to recover, and when we expect to return to business-as-usual.
When it's Communicated
When we initially contact customers in the case of an incident depends on the nature of the event and its severity. In the case of a personal data breach, we'll notify the relevant customer/s within 24 hours from when the breach was discovered. After initial contact, regular updates will be provided until system functionality is restored.
How it's Communicated
Communication with customers during an unforeseen event will be via group email, individual email from the FastTrack Software Support email address, phone, and in some cases, video call. Relevant info will also posted in the Admin By Request User Portal.
Peace of Mind
Customer Contingency Plan
In the case of an incident affecting customers’ abilities to access the Admin By Request service, there may be actions that you can take on your end to access data. Our Customer Contingency Plan provides helpful contact information and steps that can be taken until the issue is resolved.
Key Contacts
Get the emergency email and phone contact of your Territory Director, instead of being routed to the generic Support email.
Business Impact Ratings
Each scenario described in the Contingency Plan offers a business impact rating of either Low, Medium, or High - so you're aware of what you're facing.
Scenario-Based Risk Management
Here we outline a range of possible scenarios that could occur and list the remedial actions that can be taken to gain access to data and services.
