Background
Social Sync recognises the importance of maintaining uninterrupted services for our customers. Unexpected events or disruptions could significantly affect operations, customer trust, and regulatory compliance. Hence, comprehensive business continuity planning is essential.
Purpose
This Business Continuity Plan (BCP) outlines Social Sync’s procedures and strategies to ensure minimal disruption to critical business functions during unforeseen events, enabling swift recovery and resumption of normal operations.
Scope
This plan applies to all essential business functions, processes, systems, and infrastructure managed by Social Sync, including cloud services, third-party suppliers, and data management processes.
Objectives
The objectives of this plan are to:
Minimize downtime and disruption to critical services.
Establish clear recovery time objectives (RTO) and recovery point objectives (RPO).
Ensure rapid response and recovery following disruptions.
Comply with relevant regulatory and industry standards.
Management Commitment and Coordination
Senior Management demonstrates full commitment to maintaining business continuity by:
Allocating necessary resources, personnel, and tools to support the BCP.
Coordinating efforts across all relevant teams – Security, Operations, and Business Continuity – to ensure a unified response.
Reviewing and approving all significant updates to this plan.
Continuity Strategies and Procedures
Social Sync has established continuity procedures for key areas:
Data and System Recovery
Recovery Time Objective (RTO): 4 hours — the maximum allowable time to restore critical services following a disruption, aligned with our fix-forward remediation approach.
Recovery Point Objective (RPO): 2 hours — the maximum acceptable period of degraded or inconsistent data before remediation must occur.
Social Sync follows a fix-forward incident response strategy, as outlined in our Incident Response Plan, meaning that instead of reverting to previous states or backups, we prioritise identifying the issue and deploying a forward-moving fix to restore service continuity.
While automated backups are maintained, we rarely rely on full rollback procedures. Instead, our systems and engineering workflows are optimised to:
Rapidly isolate and resolve issues
Restore service through updated configurations or code patches
Maintain continuity with minimal data disruption
In addition, much of the data within Social Sync can be reimported from integrated third-party platforms (e.g., Facebook, JustGiving, GoFundMe), providing an additional layer of redundancy and recoverability in the event of data inconsistency or loss.
Infrastructure Continuity
Redundant hosting provided by cloud vendor (AWS).
Scalable infrastructure allows rapid response to capacity changes.
Communication Strategy
Immediate internal communication through established channels.
Customer communication via status page, email, and direct support outreach.
Incident Response Integration
This BCP works in conjunction with Social Sync’s Incident Response Plan, which addresses immediate handling of security incidents and forms part of the broader business continuity approach.
These plans are tested at least annually, with outcomes documented and reviewed to drive continual improvements.
Roles and Responsibilities
- Social Sync Compliance Team: Oversees activation and management of the plan. Provides support for data recovery and security measures.
- Senior Management: Ensures resources and coordination across teams during recovery efforts.
- All Employees: Familiar with their roles and responsibilities as outlined in business continuity procedures.
Record Keeping
Social Sync maintains documentation related to business continuity:
Detailed recovery procedures and contingency planning controls.
Test and drill outcomes (annually or more frequently if needed).
Records of incidents and responses.
Dissemination: This plan and its supporting procedures are made available to all relevant personnel via our secured internal knowledge base, ensuring consistent adoption and awareness across the organisation.
Documentation is reviewed regularly and updated to reflect operational changes and lessons learned.
Policy Review
This plan is reviewed at least annually and following any significant disruption or changes to business processes. Amendments will be communicated promptly to all relevant stakeholders. Related contingency procedures are also reviewed and updated on the same schedule to ensure alignment.
Revision history
| Version | Date | Description of Changes |
|---|---|---|
| V1 | November 4th, 2024 | Initial Creation |
| V2 | November 5th, 2024 | Publication |
