Continuity & Disaster Recovery Policy

As of May 19, 2024

Policy

Intensity Analytics has worked to develop a comprehensive business continuity and disaster recovery plan in accordance with the guidance and practices defined in global standards, such as ISO 22301:2019 and ISO/IEC 27031:2011. Founded, built, and operated as a virtual company, Intensity Analytics has different challenges than a traditional brick-and-mortar business. While localized events usually have less impact on our business operations, other events that affect cloud infrastructure and communications networks are even more critical in some cases.

Disaster Identification

There are numerous possible disasters that can affect a business, so we have tried to categorize them in a way that matches the specific business needs unique to Intensity Analytics, with a corresponding set of policies and procedures to address each classification. While certain types of disasters, such as failure of a home office device, can be largely addressed through backup practices, our most critical situations relate to infrastructure failures which are the result of system disasters beyond our control, and cybersecurity breaches that compromise sensitive customer information.

Natural Disasters: These are events, usually physical in nature, that damage a structure or network.
    Local: Disasters that affect a specific home office or location that is part of Intensity Analytics.
    Infrastructure: Disasters that are the result of regional infrastructure failure due to the impact of some natural event.

System Disasters: These are events that are virtual in nature, which may result in inoperable services or degraded delivery, or expose sensitive data.
    Infrastructure: Disasters resulting from a failure in our cloud services providers or partner systems.
    Application: Disasters that are the result of an unknown application or system bug that affect the delivery of our services.
    Cybersecurity: Disasters resulting from an attack on our systems that affects the service delivery or exposes data.

Disaster Measures

We have created a three-phase approach to handling disaster scenarios, with the goal of reducing the risk of occurrence, quickly identifying any event which may occur, and minimizing the disruption of such an event, while incorporating relevant experience from the resolution of an event to strengthen and enhance our operations.

Preventative (Controls and Policies): This includes a variety of automation tools in Azure, endpoint products like Carbonite, CrowdStrike, and SonicWall, and policies enforcing authentication practices, privileged access, and development standards, with regular review and revision.

Detective (Assessment and Notification): To ensure that any potential failure is quickly identified, we employ a suite of products, including monitoring through Azure and Monitis, as well as internally developed systems, which notify designated personnel to triage, categorize, and escalate alarms.

Corrective (Mitigation and Remediation): Implementing a solution follows the steps corresponding to the category of a particular failure or disaster, which includes options for site recovery and alternate systems for resiliency or backup deployment, as well as internal and external contacts.

Records Management

Duplicate copies of our critical business records are maintained through our financial, legal, and insurance providers.