BriteCore RFI

Disaster Planning

Disaster planning plays an important role in business continuity. We have taken appropriate steps to make sure our business and your business continues to operate after a natural disaster, blackout, or other serious disruption. As a first layer of precaution, we have drafted up disaster plans that provide a road map for responding to a variety of critical issues. The first step in our process identifies critical assets such application technology, IT infrastructure, and client data. The next step provides direction for protecting those assets amid bad weather, power outages, or cyber vulnerabilities.

Questionnaire

  1. Is there a disciplinarily process for non-compliance with information security policies and is it clearly communicated to affected personnel?

    Yes. As a condition of employment, we require employees to acknowledge data security and confidentiality responsibilities and comply to BriteCore policies and procedures regarding the access of key management devices, software, and/or equipment. Nonā€compliance with these policies is a very serious matter that can lead to disciplinary action and/or terminiation.

  2. Is there a constituent termination or change of status process?

    Yes.

  3. Is there an Incident Management program?

    Yes, there is an Incident Management program in place that is carried out by our DevOps team. This team consists of SeniorĀ­Level IWS Engineers with a systems administration background. Between all the team members, IWS has decades of experience with Linux, MySQL, Apache and more. This elite group has been hand-selected by Engineering management at IWS to create, monitor, improve, and protect the servers and networks that IWS uses to delpoy its products.

    In the event of a security matter, a member of engineering management will contact the client in a timely fashion or as necessary to help mitigate the risks associated with the event.

  4. Is there a documented policy for business continuity and disaster recovery?

    Yes. The purpose of this business continuity plan is to prepare Intuitive Web Solutions in the event of extended service outages caused by factors beyond our control (e.g., natural disasters, man-made events), and to restore services to the widest extent possible in a minimum time frame. All sites are expected to implement preventive measures whenever possible to minimize operational disruptions and to recover as rapidly as possible when an incident occurs.

    The plan identifies vulnerabilities and recommends necessary measures to prevent extended voice communications service outages. It is a plan that encompasses all Intuitive Web Solutions system sites and operations facilities.

  5. Is there a Pandemic Plan?

    Yes, there is a pandemic plan in place that has been approved by management and communicated to appropriate constituents.

  6. Is there a process for responding to a privacy incident? If yes, describe. If no, explain reason.

    Yes, A privacy incident would be treated as a disaster and would follow our disaster recovery procedures in terms of scope, impact, recovery, and communication.

  7. Is there a document retention program that isolates protected subsets of sensitive or confidential information for special handling? If yes, identify the subsets and describe the process for isolating these subsets.

    Document retention policies are set by individual clients according to their own needs and state regulations.

  8. Are system backups of Scoped Systems and Data performed?

    Yes. We routinely store backups of client data for up to seven years.