Purpose:

This policy outlines Rundoo’s approach to disaster recovery and business continuity planning to ensure that critical business operations and information security controls are maintained in the event of a disruption. The policy provides recovery objectives and testing requirements to safeguard Rundoo’s operational resilience and client data protection.

Scope:

This policy applies to all systems, applications, data, and infrastructure critical to Rundoo’s operations and to any employees responsible for implementing, managing, or reviewing the DR and BCP plans.

Policy:

1. Disaster Recovery (DR) and Business Continuity Plan (BCP) Requirements
   1. Rundoo maintains a formal Disaster Recovery (DR) Plan and Business Continuity Plan (BCP) that are designed to minimize the impact of disruptions and restore critical business operations.
   2. The DR and BCP plans cover all essential systems, including network protection, monitoring, and log management, to ensure continuity of information security controls during recovery.
2. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
   1. Recovery Time Objective (RTO): Rundoo’s RTO is set to ensure that all critical services are restored within 5 minutes following an incident, minimizing operational downtime.
   2. Recovery Point Objective (RPO): Rundoo’s RPO is set at 5 minutes for data, ensuring minimal data loss in the event of a disruption by leveraging continuous backups and redundant systems in Google Cloud Platform.
3. Annual Testing and Review
   1. The DR and BCP plans are formally reviewed and tested on an annual basis to validate recovery processes, ensure alignment with operational changes, and confirm the effectiveness of security controls.
   2. Testing includes simulated scenarios to verify that recovery procedures meet the defined RTO and RPO standards and that data integrity, network security, and monitoring capabilities are upheld throughout the recovery.
4. Documentation and Updates
   1. All DR and BCP activities, including tests, reviews, and plan updates, are documented and retained for audit purposes.
   2. Rundoo’s IT and Security Team is responsible for updating the DR and BCP plans to reflect new security requirements, infrastructure changes, or identified areas for improvement.
5. Compliance
   1. Rundoo personnel are expected to follow the DR and BCP processes during a disruption, and non-compliance may result in disciplinary actions as per Rundoo’s security policies.

Policy Amendments:

Rundoo reserves the right to update this policy in response to evolving business needs, technology advancements, and regulatory changes.

https://embed.notionlytics.com/wt/ZXlKM2IzSnJjM0JoWTJWVWNtRmphMlZ5U1dRaU9pSkNZMlJNVm1seFdHUjViMmRYZERKbVlsQkpaaUlzSW5CaFoyVkpaQ0k2SWpFek1tVXhNVE01T0RabFlUZ3dNV001WVdabVkyVTVNV0ptTmpobE16TTFJbjA9