Business Continuity and Disaster Recovery Plan

Introduction
OASIS Open recognizes the critical importance of preparing for unexpected events that could disrupt our operations. This Business Continuity and Disaster Recovery Plan outlines our approach to responding to and recovering from incidents that pose a risk to our operations, people, and the communities we serve.

Purpose
The purpose of this plan is to provide a structured response to incidents, minimize operational disruptions, and ensure the continuity of OASIS’s mission-critical services during and after a disaster.

Scope
This plan covers all aspects of OASIS’s operations, including but not limited to our offices, data centers, staff members, third party vendors, and technology infrastructure.

Objectives

  • To ensure a rapid and coordinated response to incidents.
  • To minimize the impact of disasters on our operations and services.
  • To protect the safety and well-being of our staff and members.
  • To facilitate the recovery of critical systems and operations.
  • To communicate effectively with stakeholders during and after an incident.

Plan Activation
The criteria for activating the Business Continuity and Disaster Recovery Plan include, but are not limited to, natural disasters, significant IT failures, cyberattacks, and any other events that significantly impact our operations. The decision to activate the plan will be made by OASIS’s Executive Director.

Roles and Responsibilities

  • Executive Leadership: Overall responsibility for BCDR planning and response.
  • BCDR Coordinator: Leads the development, implementation, and testing of the BCDR plan.
  • Department Heads: Ensure department-specific continuity plans are developed and integrated with the overall BCDR plan.
  • IT Department: Responsible for implementing disaster recovery procedures for technology infrastructure.
  • Communications Team: Manages all communications with staff, members, stakeholders, and the media.

Response Procedures

Initial Response

  • Assess the incident and its potential impact.
  • Activate the BCDR plan if necessary.
  • Establish a command center for coordination.

Communication

  • Notify staff, members, and other stakeholders of the incident and provide instructions.
  • Keep stakeholders updated on the status of recovery efforts.

Recovery Procedures

  • Implement recovery strategies for critical operations and IT systems.
  • Monitor recovery progress and make adjustments as needed.

Recovery Priorities
Identify critical services and operations, along with their respective recovery time objectives (RTOs). Prioritize recovery efforts based on these objectives to ensure the most critical functions are restored first.

Testing and Maintenance

  • Conduct regular tests of the BCDR plan to ensure its effectiveness.
  • Review and update the plan annually or after significant organizational changes, incidents, or tests that reveal weaknesses.

Training
Provide ongoing training for OASIS staff, and as needed members, on their roles in the BCDR plan to ensure everyone is prepared to respond effectively to incidents.