GalaxyWorks Legal Portal
Last updated: April, 2021
Disaster Recovery Policy
Procedure to recover Services in case of disruption.
The purpose of this policy is to define the GalaxyWorks’ procedures to recover Information Technology (IT) infrastructure and IT services within set deadlines in the case of a disaster or other disruptive incident. The objective of this plan is to complete the recovery of IT infrastructure and IT services within a set Recovery Time Objective (RTO).
This policy includes all resources and processes necessary for service and data recovery, and covers all information security aspects of business continuity management.
This policy applies to all management, employees, and suppliers that are involved in the recovery of IT infrastructure and services within the organization. This policy must be made readily available to all whom it applies to.
Scope. This policy defines the overall disaster recovery strategy for GalaxyWorks. The strategy describes the organization's Recovery Time Objective (RTO), which is defined as the duration of time and service level for critical business processes to be restored after a disaster or other disruptive event, as well as the procedures, responsibility and technical guidance required to meet the RTO. This policy also lists the contact information for personnel and service providers that may be needed during a disaster recovery event.
The following conditions must be met for this plan to be viable:
- All equipment, software and data (or their backups/failovers) are available in some manner.
- The Information Security Officer is responsible for coordinating and conducting a bi-annual (at least) rehearsal of this continuity plan.
This plan does not cover the following types of incidents:
- Incidents that affect customers or partners but have no effect on the organization’s systems; in this case, the customer must employ their own continuity processes to make sure that they can continue to interact with the organization and its systems.
- Incidents that affect cloud infrastructure suppliers at the core infrastructure level, including but not limited to Google, Azure, or Amazon Web Services. The organization depends on such suppliers to employ their own continuity processes.
The organization must endeavor to restore its normal level of business operations as soon as possible. A list of relevant points of contact in the organization is enclosed below.
The following services and technologies are considered to be critical for business operations, and must immediately be restored (in priority order):
- Galaxy Pro Database
- Keycloak Database
- Shared filesystem containing user data
- CVMFS mounts containing reference data
- Kubernetes service pods
The following key tasks and SLAs must be considered during a disaster recovery event, in accordance with the organization’s objectives, agreements, and legal, contractual or regulatory obligations:
- Any single service outage must not exceed a total of 7 hours 18 minutes to comply with monthly SLA guarantees;
- Our goal is to restore service within one hour of reported service outage.
The organization’s Recovery Time Objective (RTO) is 7 hours 18 minutes. Restoration of critical services and technologies must be completed within this time period.
The following personnel must be notified when this plan is initiated:
|Nuwan Goonasekera||Enis Afgan|
|Person identifying incident|
|Dannon Baker||Enis Afgan|
This plan must only be deactivated by
- Nuwan Goonasekera, or
- Dannon Baker, or
- Enis Afgan.
In order for this plan to be deactivated, all activities and critical service / technology tasks as detailed above must be fully completed and/or restored. If the organization is still operating in an impaired scenario, the plan may still be kept active at the discretion of Enis Afgan, Nuwan Goonasekera, or Dannon Baker.
The following personnel must be notified when this plan is deactivated:
- Nuwan Goonasekera
- Dannon Baker
- Enis Afgan
- Stephanie Pond
|Name||Job title||Email address||Alternate contact|