Nested Knowledge

wiki:policies:disaster

Differences

This shows you the differences between two versions of the page.

wiki:policies:disaster [2022/06/25 17:56]
kholub
wiki:policies:disaster [2024/03/04 00:00] (current)
katcow
Line 9: Line 9:
 ===== II. Scope ===== ===== II. Scope =====
  
-Disruptions included product outages, internet outages, economic disruption, loss of key personnel, cyberattacks, and negative publicity. This policy affects all employees of this Nested Knowledge and its subsidiaries, and all contractors, consultants, temporary employees and business partners.+Disruptions include product outages, internet outages, economic disruption, loss of key personnel, cyberattacks, and negative publicity. This policy affects all employees of this Nested Knowledge and its subsidiaries, and all contractors, consultants, temporary employees and business partners.
  
 ===== III. Business Continuity Plan ===== ===== III. Business Continuity Plan =====
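Review bot: the corrected Scope sentence still reads "all employees of this Nested Knowledge and its subsidiaries" on the added line; since the line is already being touched for the "included" to "include" fix, drop the stray "this" so the scope names the company unambiguously.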
Line 30: Line 30:
 ==== Application Profile ==== ==== Application Profile ====
  
-^Name^Manufactuer^Critical?^Comments+^Name^Manufacturer^Critical to Business?^Critical to application?^Comments| 
-|AutoLit/Synthesis|Nested Knowledge|Yes|Essential for providing Nested Knowledge products and services.+|AWS|Amazon|Yes|Yes|Essential for running AutoLit/Synthesis| 
-|AWS|Amazon|Yes|Essential for running AutoLit/Synthesis| +|NPM|Microsoft|Yes|Yes|Essential for building production deployments. In the event of repository outage, dependencies may be transferred from backups via FTP.| 
-|NPM|Microsoft|Yes|Essential for building production deployments. In the event of repository outage, dependencies may be transferred from backups via FTP.| +|PyPi| |Yes|Yes|Essential for building production deployments. In the event of repository outage, dependencies may be transferred from backups via FTP.| 
-|PyPi| |Yes|Essential for building production deployments. In the event of repository outage, dependencies may be transferred from backups via FTP.| +|Auth0| |Yes|Yes|Essential for providing authorization & username/password management to all users.| 
-|Auth0| |Yes|Essential for providing authorization & username/password management to all users.| +|Stripe| |No|No|Stripe enables pay-on-the-site. Both paying and non-paying users may continue accessing the site in the event of an outage, and payments & subscriptions may be manually managed by the NK team in the event of a long-term outage.| 
-|Stripe| |Yes|Stripe enables pay-on-the-site. Both paying and non-paying users may continue accessing the site in the event of an outage, and payments & subscriptions may be manually managed by the NK team in the event of a long-term outage.| +|Google Suite|Google|Yes|No|In the event of an email disruption, we will shift to Outlook-based or other email platforms. In the event of a disruption to Google Meets, we will utilize Zoom for video calls. In the event of a document storage disruption, we will utilize Box for storing company documents.| 
-|Google Suite|Google|Yes|In the event of an email disruption, we will shift to Outlook-based or other email platforms. In the event of a disruption to Google Meets, we will utilize Zoom for video calls. In the event of a document storage disruption, we will utilize Box for storing company documents.| +|Toggl|Toggl|No|No|Used for employee and contractor time tracking. If a disruption occurs, we will require manual time tracking| 
-|Click Up|Click Up|No|Used for employee and contractor time tracking. If a disruption occurs, we will require manual time tracking| +|Gusto| |Yes|No|Essential for payroll and benefits.| 
-|Gusto| |Yes|Essential for payroll and benefits.| +|QuickBooks| |Yes|No|Essential for storing financial information.| 
-|QuickBooks| |Yes|Essential for storing financial information.| +|Slack| |No|No|Utilized for business communication. If a significant disruption occurs, we will switch instant messaging to the chat application Signal.| 
-|Slack| |Yes|Utilized for business communication. If a significant disruption occurs, we will switch instant messaging to the chat application Signal.| +|GitLab| |Yes|Yes|If a temporary disruption occurs, we will employ FTP & patch files.| 
-|GitLab| |Yes|If a temporary disruption occurs, we will employ FTP & patch files.| +|Carta|No|No| | 
-|Captable.io| |No| | +|Pubmed Entrez API| |No|No\\ When a disruption occurs, manual and recurrng searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| 
-|Pubmed Entrez API| |Yes|When a disruption occurs, manual and recurrng searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| +|Unpaywall| |No|No|When a disruption occurs, the full text import feature is shown as "Not Available" on site.| 
-|Unpaywall| |No|When a disruption occurs, the full text import feature is shown as "Not Available" on site.| +|HubSpot| |No|No| | 
-|HubSpot| |No| | +|Adobe Creative Cloud| |Yes|No|(Photoshop, Illustrator, InDesign, After Effects, Premiere Pro)| 
-|Adobe Creative Cloud| |Yes|(Photoshop, Illustrator, InDesign, After Effects, Premiere Pro)| +|Adobe Reader| |No|No|In the event of a disruption to Adobe Reader, we will switch to Docusign.| 
-|Adobe Reader| |No|In the event of a disruption to Adobe Reader, we will switch to Docusign.| +|OBS Studio| |No|No| | 
-|OBS| |No| | +|Metabase| |No|No|Include sensitive and confidential data.| 
-|R Studio| |No| | +|Scite| |Yes|Yes|When a disruption occurs, the scite badge no longer displays.| 
-|Metabase| |No|Include sensitive and confidential data.|+|[[http://clinicaltrials.gov/|ClinicalTrials.gov ]]| |Yes|Yes|When a disruption occurs, manual and recurring searches fail, and NCTID bibliomining will fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| 
 +|EuropePMC| |Yes|Yes|When a disruption occurs, manual and recurring searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| 
 +|DOAJ| |Yes|Yes|When a disruption occurs, manual and recurring searches fail. Upon recovery, our system automatically begins rerunnning scheduled failed searches.| 
 +|Abstra|Abstra|Yes|No|Disruptions may impact the timeliness of customer support actions. |
  
 ==== Roles and Contacts ==== ==== Roles and Contacts ====
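Review bot: two added rows no longer match the new five-column header. The Carta row has only four cells (the empty Manufacturer cell is missing, so "No" lands under Manufacturer), and the Pubmed Entrez API row uses "No\\ When a disruption occurs" where a "|" should separate the Critical to application? cell from Comments. The criticality ratings also need a second look: Pubmed Entrez API moves to No/No while ClinicalTrials.gov, EuropePMC and DOAJ, which describe the same failure mode, are added as Yes/Yes, and Scite is Yes/Yes although its only stated impact is a badge that no longer displays. The AutoLit/Synthesis row is removed with no replacement even though the continuity strategies below still hinge on it. The NPM, PyPi and GitLab fallbacks keep plain FTP for moving dependencies and patch files; FTP is unencrypted, so an authenticated, integrity-checked channel would be a safer recovery path. The spellings "recurrng" and "rerunnning" are carried into the new rows.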
Line 58: Line 61:
 |Kevin Kallmes|CEO|Executive decisions; personnel management| \\ [[kevinkallmes@supedit.com|kevinkallmes@supedit.com]] \\   \\  507-271-7051| |Kevin Kallmes|CEO|Executive decisions; personnel management| \\ [[kevinkallmes@supedit.com|kevinkallmes@supedit.com]] \\   \\  507-271-7051|
 |Karl Holub|CTO|Technical Lead|[[karl.holub@nested-knowledge.com|karl.holub@nested-knowledge.com]]| |Karl Holub|CTO|Technical Lead|[[karl.holub@nested-knowledge.com|karl.holub@nested-knowledge.com]]|
-|Kathryn Cowie|COO|Administrative Support; operational support| \\ [[kathryn.cowie@nested-knowledge.com|kathryn.cowie@nested-knowledge.com]] \\   \\  301-272-0957|+|Kathryn Cowie|COO|Operational support| \\ [[kathryn.cowie@nested-knowledge.com|kathryn.cowie@nested-knowledge.com]] \\   \\  301-272-0957|
  
 ==== Business Continuity Strategies ==== ==== Business Continuity Strategies ====
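Review bot: the Karl Holub (CTO) row shown as context lists only an e-mail address, while the CEO and COO rows carry phone numbers. The CTO is the first person notified on loss of a critical application, and the application profile treats e-mail itself as a service that can be disrupted, so a phone or other out-of-band contact belongs in this row. The change to the COO row also drops "Administrative Support" without showing which role now holds it.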
Line 64: Line 67:
 === Loss of Function of Critical Applications === === Loss of Function of Critical Applications ===
  
-  * In the case of the loss of functionality to AutoLit or Synthesis, the CTO will be notified and we will send out a Site Disruption message to all users. The CTO and development team will assess the extent of any lost capabilities and timeline to restoration, and then communicate with company leadership regarding a recovery plan of specific functions.+  * In the case of the loss of functionality to AutoLit or Synthesis for at 30 or more minutes, the CTO will be notified and we will send out a Site Disruption message to all users. The CTO and development team will assess the extent of any lost capabilities and timeline to restoration, and then communicate with company leadership regarding a recovery plan of specific functions.
   * In the case of the loss of functionality to any other key/critical applications, the CTO will be notified; Site Disruption messages will only be sent to users in the case that this impacts end user functions. In consultation with company leadership, the CTO and development team will create a plan to either restore function or shift to a different software provider.   * In the case of the loss of functionality to any other key/critical applications, the CTO will be notified; Site Disruption messages will only be sent to users in the case that this impacts end user functions. In consultation with company leadership, the CTO and development team will create a plan to either restore function or shift to a different software provider.
 +  * In case of outages, the CEO or another leader will email account representatives for customers with a proposed restoration timeline and details regarding the outage.
  
 === Recession Planning === === Recession Planning ===
  
-  * Our finances are based on private sourcing of funds and already-negotiated contracts with employees and contractors. We would be open to federal support (such as the Payroll Protection Plan), but should not need to dramatically alter financing in a recession.+  * Our finances are based on private funding and revenue. Our costs are based on already-negotiated contracts with employees and contractors. We would be open to federal support (such as the Payroll Protection Plan) or bank loans, but should not need to dramatically alter financing in a recession.
  
 === Loss of Key Personnel === === Loss of Key Personnel ===
  
   * In the event that Nested Knowledge loses our CTO, we will elevate our head engineer to replace the duties and hire an additional engineer as soon as feasible.   * In the event that Nested Knowledge loses our CTO, we will elevate our head engineer to replace the duties and hire an additional engineer as soon as feasible.
-  * In the event that Nested Knowledge loses our Operations Manager, we will hire an already trained administrative assist to aid with record keeping and financial operations.+  * In the event that Nested Knowledge loses our COO, we will hire an already trained Operations Manager and Bookkeeper to aid with record keeping and financial operations.
  
 ==== Compliance Statement ==== ==== Compliance Statement ====
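Review bot: the new trigger in the first bullet reads "for at 30 or more minutes", which is garbled; use "for 30 or more minutes" or "for at least 30 minutes", and say who measures the outage and from what starting point. The added bullet on e-mailing account representatives gives no deadline and leaves "another leader" undefined, and it assumes e-mail is available during the outage. The Loss of Key Personnel bullets now cover the CTO and COO but still give no succession step for the CEO, who is assigned the customer notification in this same hunk.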
Line 165: Line 169:
   * Notify employees and allocate responsibilities and activities as required   * Notify employees and allocate responsibilities and activities as required
   * Restore critical services within four business hours of the incident.   * Restore critical services within four business hours of the incident.
-  * Recover to business as usual within 8 to 24 hours after theincident+  * Recover to business as usual within 8 to 24 hours after the incident
  
 ==== Communication and Notifications ==== ==== Communication and Notifications ====
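Review bot: the corrected bullet gives "8 to 24 hours" with no unit qualifier, while the bullet directly above it uses "four business hours"; state whether the 8 to 24 hour target is business hours or clock hours so the two recovery objectives can be compared. The corrected line also lacks the closing period that the preceding bullet has.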
Line 175: Line 179:
 === Contact with Employees === === Contact with Employees ===
  
-Managers will serve as the focal points for their departments, while designated employees will call other employees to discuss the crisis/disaster and the company’s immediate plans. Employees who cannot reach staff on their call list are advised to call the staff member’s emergency contact to relay information on the disaste+Managers will serve as the focal points for their departments, while designated employees will call other employees to discuss the crisis/disaster and the company’s immediate plans. Employees who cannot reach staff are advised to call the staff member’s emergency contact to relay information on the disaster.
  
 === Personnel/Family Notification === === Personnel/Family Notification ===
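Review bot: removing "on their call list" from the last sentence deletes the only mention of a call list in this paragraph, so it no longer says where designated employees find staff numbers or emergency contacts. Either keep the reference or name the record that holds these contacts and who maintains it.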
Line 184: Line 188:
  
 If applicable, assigned staff will coordinate with the media, working according to guidelines that have been previously approved and issued for dealing with post-disaster communications. If applicable, assigned staff will coordinate with the media, working according to guidelines that have been previously approved and issued for dealing with post-disaster communications.
 +
 +==== Insurance Requirements ====
 +
 +As a mitigation of financial risk, legal exposure, data privacy breach, and other key company functions, the company will maintain the following insurance policies:
 +
 +  * General Business / Professional Liability Insurance
 +  * Network Security and Privacy Liability Insurance
 +  * Cyber Crime Insurance
 +  * System Damage and Business Interruption Insurance
  
 ==== Finances and Legal Action ==== ==== Finances and Legal Action ====
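Review bot: the opening sentence of the new Insurance Requirements section lists "other key company functions" among the things being mitigated, which is not a risk; reword it to name the risks the policies cover. The four policy types are listed without coverage minimums, an owner, or a renewal and review cadence, so there is nothing in this section to verify compliance against.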
Line 219: Line 232:
 ^Author^Date of Revision/Review^Comments| ^Author^Date of Revision/Review^Comments|
 |K. Cowie|11/15/2021|In progress; application profile and risk register need technical review.| |K. Cowie|11/15/2021|In progress; application profile and risk register need technical review.|
-|K. Holub|06/25/2022|Added a new supplier| 
 |K. Kallmes|11/19/2021|2021 version finalized and signed off| |K. Kallmes|11/19/2021|2021 version finalized and signed off|
 +|K. Holub|06/25/2022|Added a new supplier|
 +|P. Olaniran|10/24/2022|Reviewed w/ Kevin K., Karl H., Kathryn C.|
 +|K. Kallmes|1/26/2023|Reviewed BIA|
  
 [[:wiki:policies|Return to Policies]] [[:wiki:policies|Return to Policies]]
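Review bot: the revision table gains rows for 10/24/2022 and 1/26/2023, but the current revision is dated 2024/03/04 and no row records that edit or its author; add one so the table matches the page history. The new "1/26/2023" entry also breaks the zero-padded MM/DD/YYYY format used by the other rows.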
  
  
wiki/policies/disaster.1656179809.txt.gz · Last modified: 2022/06/25 17:56 by kholub