Disaster Recovery Plan
High-level Outline
As we all know, some disasters cannot be avoided. However, we have put these high-level safeguards in place to minimize the impact and help protect your research team.
- Physical Facility: remote backups are performed regularly and stored in a different physical location from the main servers. Color and Rimuhosting provide UPS, generators, and real-time monitoring.
- Data Safety: all company information, design, and code management is stored redundantly across several locations.
- Maximum Allowable Recovery Time: 24 hours to resume normal operations.
- Disaster Simulation & Testing: Ethnio conducts this once per quarter.
Business Impact Analysis (BIA)
We all know that data loss, even on a small scale, can drastically affect research operations and even damage your company’s financial stability.
The first step in planning recovery from unexpected disasters is to identify the risks and prioritize the essential functions of the business. These are the functions whose loss would considerably disrupt business operations and may result in financial loss.
Viruses, hackers, natural disasters, and even user errors can create data loss, but Ethnio has taken action to minimize these and other risks of data loss. Ethnio’s Recovery Time Objective (RTO) is 24 hours to resume normal operations in the event of a disaster, with the goal of a full data restoration due to our robust data center security.
Taking into account risk attributes such as time of day, likelihood, and advance warning, Ethnio has used the following disruption scenarios to guide our BIA:
- Physical damage to data center(s) to the point of outage.
- Damage to servers themselves.
- Power failure to both redundant TierPoint UPS & main power.
- Damage to, loss of, or corruption of information technology, including voice and data communications, servers, computers, operating systems, applications, and data.
- Unavailability of multiple essential employees.
Ethnio vs Other SaaS Providers
The table below shows the disaster recovery and business continuity planning performed by Ethnio versus the percent of other SaaS companies performing the same planning.
Security Description | Performed by Ethnio | % of Other SaaS Companies |
---|---|---|
Maintains production backup environments in geographically and geologically distinct areas | | 79.4% |
Encrypted backups are performed nightly | | 47.3% |
Business Continuity Planning (BCP)
Ethnio has been designed to be recoverable and robust with physically separated servers.
The main data center runs a Cisco networking environment. This data center is staffed 24/7 and includes multiple layers of security and authentication, including card key, PIN, and biometric measures.
As an additional safeguard to the main center, Ethnio uses a warm mirror up-to-the-second data center to support a speedy recovery of critical data.
Moreover, because we know it’s important to store data in geographically diverse locations, Ethnio has DB backups off-site that use the same encryption as the primary hosts. This helps protect against universally recognized events such as earthquakes, fires, and floods.
All in all, these measures help to ensure your data is protected to the highest level and we are able to function quickly in the event of a potential disaster.
Business Continuity Testing (BCT)
Ethnio tests the Business Continuity and Disaster Recovery plans once per quarter. Each test involves the following:
Examination. Key Ethnio team members will examine the plan in detail at a conceptual level, attempting to identify inconsistencies or issues that were overlooked since the last test.
Tabletop Test. Starting with a role-playing exercise, Ethnio team members act out the functions they would perform in the event of an actual emergency. The goal is to test not only the plan itself, but also how well team members carry out the roles they would be expected to play as part of the actual Ethnio disaster response effort. Part of the purpose of the tabletop test is to gain insight into how resilient the plan may be in the chaos of a real disaster. To that end, the tabletop exercise also includes one or more unexpected scenarios to test the response of the team and the adequacy of the plan when things don’t go as anticipated.
Simulation. This step in testing the Ethnio BCP is to simulate an actual emergency. The point of the simulation is to cause an actual controlled disruption to key Ethnio services to test whether the procedures specified in the BCP allow employees to effectively respond under realistic emergency conditions. For example, a server may be suddenly taken off-line. To allow the simulation to be as realistic as possible without disrupting the normal operations of the company, it is sometimes conducted over a weekend. We evaluate how well the various functional areas of Ethnio respond (incentives, scheduling, etc.).
Recovery. Arguably the most important part of our BCT is the exercise to ensure that our data backups can actually be recovered. We start with one of the most common workplace disasters today: a loss of data. The obvious goal is to get that data back as quickly as possible, ideally by restoring a backup. Key Ethnio team members measure time to restore data, communicate with outside vendors, and make note of any business-critical data that does not restore properly.
The team evaluates both response and recovery through each phase, since the most important part of our simulation is ensuring our backup infrastructure can actually be recovered with as little downtime as possible.