Business Continuity Management

Q: Does your organization conduct regular information security continuity testing, and at what frequency (e.g., quarterly, annually)?

A: Yes, we conduct regular testing, typically on an annual basis.

Q: Are all risk scenarios identified in the risk analysis tested? How long does it take before all risk scenarios have been tested?

A: We prioritize high-risk scenarios and conduct testing accordingly. Not all scenarios are tested at once, but over time, we ensure coverage through scheduled assessments.

Q: Has the Business Continuity Plan been created based on any security standard? If yes, please specify which one.

A: Yes, it follows ISO 27001 guidelines.

Q: Is the Disaster Recovery Plan part of the Business Continuity Plan? Are both aligned? Please provide some workflow showing when each is triggered.

A: Yes, the Disaster Recovery Plan is a subset of the Business Continuity Plan, and both are aligned. A workflow can be provided upon request.

Q: If the service is contracted with you, what would be the RTO associated with our service?

A: The Recovery Time Objective (RTO) varies depending on the specific situation but is typically within a few hours.

Q: Is there a predefined threshold for acceptable downtime (Maximum Tolerable Downtime, MTD) for critical services?

A: Yes, our Maximum Tolerable Downtime (MTD) is 30 minutes. We have redundancy measures in place to minimize disruptions and ensure service availability.

Q: Do you conduct end-to-end disaster recovery drills that include client systems?

A: Our client systems are primarily web browsers, so there is no need to test those specifically. However, we conduct full disaster recovery (DR) tests annually to ensure our infrastructure and recovery processes function as expected.
