This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
wiki:policies:disaster [2021/11/19 20:45] katcow |
wiki:policies:disaster [2023/10/10 20:48] katcow [Business Continuity Strategies] |
||
---|---|---|---|
Line 9: | Line 9: | ||
===== II. Scope ===== | ===== II. Scope ===== | ||
- | Disruptions | + | Disruptions |
===== III. Business Continuity Plan ===== | ===== III. Business Continuity Plan ===== | ||
+ | |||
+ | The following covers the types of disruptions planned for, the roles of key personnel in continuity planning and disruption response, the applications that could be disrupted, and the general strategies for ensuring business continuity. | ||
==== Examples of Disruptions ==== | ==== Examples of Disruptions ==== | ||
Line 28: | Line 30: | ||
==== Application Profile ==== | ==== Application Profile ==== | ||
- | ^Name^Manufactuer^Critical? | + | ^Name^Manufacturer^Critical |
- | |AutoLit/ | + | |AWS|Amazon|Yes|Yes|Essential for running AutoLit/ |
- | |AWS|Amazon|Yes|Essential for running AutoLit/ | + | |NPM|Microsoft|Yes|Yes|Essential for building production deployments. In the event of repository outage, dependencies may be transferred from backups via FTP.| |
- | |NPM|Microsoft|Yes|Essential for building production deployments. In the event of repository outage, dependencies may be transferred from backups via FTP.| | + | |PyPi| |
- | |PyPi| |Yes|Essential for building production deployments. In the event of repository outage, dependencies may be transferred from backups via FTP.| | + | |Auth0| |Yes|Yes|Essential for providing authorization & username/ |
- | |Auth0| |Yes| | | + | |Stripe| |No|No|Stripe enables pay-on-the-site. Both paying and non-paying users may continue accessing the site in the event of an outage, and payments & subscriptions may be manually managed by the NK team in the event of a long-term outage.| |
- | |Google Suite|Google|Yes|In the event of a disruption to Google Meets, we will utilize Zoom for video calls.| | + | |Google Suite|Google|Yes|No|In the event of an email disruption, we will shift to Outlook-based or other email platforms. |
- | |Click Up|Click Up|No|Used for employee and contractor time tracking. If a disruption occurs, we will require manual time tracking| | + | |Toggl|Toggl|No|No|Used for employee and contractor time tracking. If a disruption occurs, we will require manual time tracking| |
- | |Gusto| |Yes|Essential for payroll and benefits.| | + | |Gusto| |Yes|No|Essential for payroll and benefits.| |
- | |QuickBooks| |Yes|Essential for storing financial information.| | + | |QuickBooks| |Yes|No|Essential for storing financial information.| |
- | |Slack| |Yes|Utilized for business communication. If a significant disruption occurs, we will switch instant messaging to the chat application Signal.| | + | |Slack| |No|No|Utilized for business communication. If a significant disruption occurs, we will switch instant messaging to the chat application Signal.| |
- | |GitLab| |Yes|If a temporary disruption occurs, we will employ FTP & patch files.| | + | |GitLab| |
- | |Captable.io| |No| | | + | |Carta| |No|No| | |
- | |Pubmed Entrez API| |Yes|When a disruption occurs, manual and recurrng searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| | + | |Pubmed Entrez API| |No|No| \\ When a disruption occurs, manual and recurrng searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| |
- | |Unpaywall| |No|When a disruption occurs, the full text import feature is shown as "Not Available" | + | |Unpaywall| |
- | |HubSpot| |No| | | + | |HubSpot| |
- | |Adobe Creative Cloud| |Yes|(Photoshop, | + | |Adobe Creative Cloud| |Yes|No|(Photoshop, |
- | |Adobe Reader| |No|In the event of a disruption to Adobe Reader, we will switch to Docusign/| | + | |Adobe Reader| |
- | |OBS| |No| | | + | |OBS Studio| |No|No| | |
- | |R Studio| |No| | | + | |Metabase| |No|No|Include sensitive and confidential data.| |
- | | | | | | | + | |Scite| |Yes|Yes|When a disruption occurs, the scite badge no longer displays.| |
+ | |[[http:// | ||
+ | |EuropePMC| |Yes|Yes|When a disruption occurs, manual and recurring searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| | ||
+ | |DOAJ| |Yes|Yes|When a disruption occurs, manual and recurring searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| | ||
==== Roles and Contacts ==== | ==== Roles and Contacts ==== | ||
|Name|Title|Role/ | |Name|Title|Role/ | ||
- | |Kevin Kallmes|CEO|Executive decisions; personnel management| \\ [[kevinkallmes@supedit.com|]] \\ | + | |Kevin Kallmes|CEO|Executive decisions; personnel management| \\ [[kevinkallmes@supedit.com|kevinkallmes@supedit.com]] \\ |
- | |Karl Holub|CTO|Technical Lead|[[karl.holub@nested-knowledge.com|]]| | + | |Karl Holub|CTO|Technical Lead|[[karl.holub@nested-knowledge.com|karl.holub@nested-knowledge.com]]| |
- | |Kathryn Cowie|COO|Administrative Support; operational | + | |Kathryn Cowie|COO|Operational |
==== Business Continuity Strategies ==== | ==== Business Continuity Strategies ==== | ||
+ | |||
+ | === Loss of Function of Critical Applications === | ||
+ | |||
+ | * In the case of the loss of functionality to AutoLit or Synthesis for at 30 or more minutes, the CTO will be notified and we will send out a Site Disruption message to all users. The CTO and development team will assess the extent of any lost capabilities and timeline to restoration, | ||
+ | * In the case of the loss of functionality to any other key/ | ||
+ | * In case of outages, the CEO or another leader will email account representatives for customers with a proposed restoration timeline and details regarding the outage. | ||
=== Recession Planning === | === Recession Planning === | ||
- | * Our finances are based on private | + | * Our finances are based on private |
=== Loss of Key Personnel === | === Loss of Key Personnel === | ||
* In the event that Nested Knowledge loses our CTO, we will elevate our head engineer to replace the duties and hire an additional engineer as soon as feasible. | * In the event that Nested Knowledge loses our CTO, we will elevate our head engineer to replace the duties and hire an additional engineer as soon as feasible. | ||
- | * In the event that Nested Knowledge loses our Operations Manager, we will hire an already trained | + | * In the event that Nested Knowledge loses our COO, we will hire an already trained |
==== Compliance Statement ==== | ==== Compliance Statement ==== | ||
Line 115: | Line 127: | ||
|Critical Databases|15 minutes|5 minutes|Transaction logs are streamed to a backup on AWS RDS. A new instance may be provisioned from an arbitrary timepont (10 minutes) and the private DNS record updated (5 minutes).| | |Critical Databases|15 minutes|5 minutes|Transaction logs are streamed to a backup on AWS RDS. A new instance may be provisioned from an arbitrary timepont (10 minutes) and the private DNS record updated (5 minutes).| | ||
|Critical Servers|30 minutes|N/ | |Critical Servers|30 minutes|N/ | ||
- | |AWS (permanent outage)|40 hours|12 hours| \\ This entry highlights a worst-case scenario: a permanent AWS outage requiring transfer of our services to a different cloud services provider (planned: Google Cloud). Time is alloted for provisioning of compute, load balancing, & database resources, transfer of database backups, DNS record transfer (or temporary new record creation), network configuration. \\ \\ Database backups are performed twice daily to an offsite, giving an RPO of 12 hours. | + | |AWS (permanent outage)|40 hours|12 hours| \\ This entry highlights a worst-case scenario: a permanent AWS outage requiring transfer of our services to a different cloud services provider (planned: Google Cloud). Time is alloted for provisioning of compute, load balancing, & database resources, transfer of database backups, DNS record transfer (or temporary new record creation), network configuration. \\ \\ Database backups are performed twice daily to an offsite, giving an RPO of 12 hours.| |
|AWS (transient outages)| | |We defer to [[https:// | |AWS (transient outages)| | |We defer to [[https:// | ||
=== Maximum Tolerable Downtime (MTD): === | === Maximum Tolerable Downtime (MTD): === | ||
- | 48 hours. This estimate represents the RTO for a worst-case failure (permanent outage & transfer off of our current cloud provider), plus an 8 hour Work Recovery Time (WRT) verifying the new system. | + | For any cause: |
- | === Budget | + | === Business |
- | Nested Knowledge will perform a Budget | + | Nested Knowledge will perform a Business |
====== Disaster Planning and Recovery ====== | ====== Disaster Planning and Recovery ====== | ||
Line 157: | Line 169: | ||
* Notify employees and allocate responsibilities and activities as required | * Notify employees and allocate responsibilities and activities as required | ||
* Restore critical services within four business hours of the incident. | * Restore critical services within four business hours of the incident. | ||
- | * Recover to business as usual within 8 to 24 hours after theincident | + | * Recover to business as usual within 8 to 24 hours after the incident |
==== Communication and Notifications ==== | ==== Communication and Notifications ==== | ||
Line 167: | Line 179: | ||
=== Contact with Employees === | === Contact with Employees === | ||
- | Managers will serve as the focal points for their departments, | + | Managers will serve as the focal points for their departments, |
=== Personnel/ | === Personnel/ | ||
Line 176: | Line 188: | ||
If applicable, assigned staff will coordinate with the media, working according to guidelines that have been previously approved and issued for dealing with post-disaster communications. | If applicable, assigned staff will coordinate with the media, working according to guidelines that have been previously approved and issued for dealing with post-disaster communications. | ||
+ | |||
+ | ==== Insurance Requirements ==== | ||
+ | |||
+ | As a mitigation of financial risk, legal exposure, data privacy breach, and other key company functions, the company will maintain the following insurance policies: | ||
+ | |||
+ | * General Business / Professional Liability Insurance | ||
+ | * Network Security and Privacy Liability Insurance | ||
+ | * Cyber Crime Insurance | ||
+ | * System Damage and Business Interruption Insurance | ||
==== Finances and Legal Action ==== | ==== Finances and Legal Action ==== | ||
Line 200: | Line 221: | ||
The company lawyer and Emergency and Disaster Response Team will jointly review the aftermath of the incident and decide whether there may be legal actions resulting from the event; in particular, the possibility of claims by or against the company for regulatory violations, etc. | The company lawyer and Emergency and Disaster Response Team will jointly review the aftermath of the incident and decide whether there may be legal actions resulting from the event; in particular, the possibility of claims by or against the company for regulatory violations, etc. | ||
- | |||
=== Tabletop Exercises === | === Tabletop Exercises === | ||
+ | On an annual basis, the executive and engineering management teams will independently develop a set of 10 potential disruptive and disaster scenarios to our product, resources, and external dependencies. 5 scenarios will be randomly selected with the scenario moderator acting as moderator for each exercise. The moderator will accept planned actions & team-level assignments and return outcomes, optionally adding in modifying information or new developments. | ||
+ | |||
+ | Scenarios are carried forward year to year. | ||
===== Revision History ===== | ===== Revision History ===== | ||
Line 209: | Line 232: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
|K. Cowie|11/ | |K. Cowie|11/ | ||
- | |K. Holub|11/18/2021| | | + | |K. Kallmes|11/19/2021|2021 version finalized and signed off| |
- | |K. Kallmes| | | | + | |K. Holub|06/ |
+ | |P. Olaniran|10/ | ||
+ | |K. Kallmes|1/26/2023|Reviewed BIA| | ||
+ | |||
+ | [[: | ||