SOC 2 Criteria: CC5.3, CC7.5
Keywords: Tabletop testing, Disaster Recovery Simulation
This policy establishes procedures to recover Userflow following a disruption resulting from a disaster. This Disaster Recovery Policy is maintained by the Userflow Security Officer and Privacy Officer.
The following objectives have been established for this plan:
Examples of the types of disasters that would initiate this plan are natural disaster, political disturbances, human-made disaster, external human threats, internal malicious activities.
Userflow defines two categories of systems from a disaster recovery perspective:
These systems host application servers and database servers or are required for functioning of systems that host application servers and database servers. These systems, if unavailable, affect the integrity of data and must be restored, or have a process begun to restore them, immediately upon becoming unavailable.
These are all systems not considered critical by the definition above. These systems, while they may affect the performance and overall security of critical systems, do not prevent Critical systems from functioning and being accessed appropriately. These systems are restored at a lower priority than critical systems.
There are many potential disruptive threats which can occur at any time and affect the normal business process. We have considered a wide range of potential threats and the results of our deliberations are included in this section. Each potential environmental disaster or emergency situation has been examined. The focus here is on the level of business disruption which could arise from each type of disaster.
The Userflow IT Risk Assessment documents a full detailed assessment of threats.
Testing and Maintenance
The Security Officer shall establish criteria for validation/testing of a Disaster Recovery Plan, an annual test schedule, and ensure implementation of the test. This process will also serve as training for personnel involved in the plan’s execution. At a minimum, the Disaster Recovery Plan shall be tested annually. The types of validation/testing exercises include tabletop and technical testing.
The primary objective of the tabletop test is to ensure designated personnel are knowledgeable and capable of performing the notification/activation requirements and procedures as outlined in the Disaster Recovery Plan, in a timely manner. The exercises include, but are not limited to:
The primary objective of the technical test is to ensure the communication processes and data storage and recovery processes can function at an alternate site to perform the functions and capabilities of the system within the designated requirements. Technical testing shall include, but is not limited to:
Notification and Activation Phase
This phase addresses the initial actions taken to detect and assess damage inflicted by a disruption to Userflow. Based on the assessment of the Event, sometimes according to the Userflow Incident Response Policy, the Disaster Recovery Plan may be activated by the Security Officer and/or CTO.
The notification sequence is listed below:
Damage Assessment Procedures:
Alternate Assessment Procedures:
This section provides procedures for recovering the application at an alternate site, whereas other efforts are directed to repair damage to the original system and capabilities.
The following procedures are for recovering the Userflow infrastructure at the alternate site. Procedures are outlined per team required. Each procedure should be executed in the sequence it is presented to maintain efficient operations.
Recovery Goal: The goal is to rebuild Userflow infrastructure to a production state.
The tasks outlined below are not sequential and some can be run in parallel.
This section discusses activities necessary for restoring Userflow operations at the original or new site. The goal is to restore full operations within 24 hours of a disaster or outage. When the hosted data center at the original or new site has been restored, Userflow operations at the alternate site may be transitioned back. The goal is to provide a seamless transition of operations from the alternate site to the computer center.
Original or New Site Restoration
If the Userflow environment is moved back to the original site from the alternative site, all hardware used at the alternate site should be handled and disposed of according to Userflow policy.
|Version||Date||Editor||Description of Changes|
|V1||October 20th, 2021||Userflow||Initial Creation|