Taranis Business Continuity Planning (BCP)

Business Continuity Plan Overview

The Taranis Systems Business Continuity Plan is a comprehensive statement of the actions to be taken before, during and after a disaster. The plan is designed to reduce risk to an acceptable level by ensuring the restoration of critical functions and services within a short time frame, and of all essential production within a longer, but permissible, time frame. It identifies the critical functions and services of Taranis and the resources required to support them. Guidelines and recommendations are provided to ensure that the needed personnel and resources are available for disaster preparation, assessment and response, so that services can be restored in a timely manner.

Definitions

Business Continuity Plan (BCP) - a document describing a set of arrangements, resources, and sufficient procedures that enable an organization to respond to a disaster and resume its critical operations within a predefined time frame without incurring unacceptable operational impacts.

Disaster Recovery Plan (DRP) – a technical document describing the processes, policies, and procedures related to implementing precautionary measures and preparing for the recovery, continuation, or resumption of services in the event a catastrophic event occurs.

Disaster – a sudden, unplanned catastrophic event that causes a complete loss or significant disruption in customer’s mission critical services. The primary objective of the plan is to minimize the risk of low-level events and minimize the impact of major high-level events.

Business Continuity Plan Objectives

The principal objective of the business continuity plan is to develop, test and document a well-structured and easily understood plan which will help Taranis systems recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts Taranis systems and business operations.

The objectives of this document are:

  • Develop a Business Continuity Plan structure for managing a disaster that affects the Taranis systems.

  • Document critical information and procedures as required for the implementation of the Business Continuity Plan.

  • Present a course of action for restoring critical cloud services within a minimum number of days of initiation of the plan.

  • Provide guidelines with an escalation plan for a disaster declaration that will result in the execution of this Business Continuity Plan.

  • Describe an organizational structure for carrying out the plan and ensure that all employees fully understand their duties in implementing such a plan.

  • Ensure an orderly recovery after a disaster occurs, minimizing risk of lost production or services.

Business Continuity Plan Policy

Taranis management has approved the following policy statement:

  • The company shall develop a comprehensive Business Continuity Plan.

  • A formal risk assessment shall be undertaken to determine the requirements for the Business Continuity Plan.

  • The Business Continuity Plan shall cover all essential and critical infrastructure elements, systems and services, in accordance with key business activities.

  • The Business Continuity Plan shall be periodically tested to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.

  • Taranis staff shall be made aware of the Business Continuity Plan and their own respective roles and responsibilities.

  • The Business Continuity Plan shall be kept up to date to reflect changing circumstances.

Assumptions of the Plan

The Business Continuity Plan has been developed and maintained based on the following assumptions:

  • This document plans for the major/worst case disaster. However, if an outage of services occurs to a lesser degree, this plan will address the incident.

  • The cause of the disaster is limited to one Taranis location (TLV, Westfield, Brazil or GCP).

BCP Team Descriptions and Responsibilities

  • BCP Management Team - Responsible for the overall direction, decision-making, and approvals required to implement the Business Continuity Plan. The team is composed of the Taranis VP R&D and engineering managers who are responsible for leadership within their respective areas.

  • Business Continuity Coordinator (BCC) – A member of the BCP Management Team with responsibility for the development, coordination, training, testing and implementation of the Business Continuity Plan.

  • BCP Team Leaders - Responsible for carrying out the tasks and provisions of the Business Continuity Plan including assigning tasks to staff, obtaining offsite data backups, contacting vendors, monitoring work progress and reporting the status to the BCP Management Team. The team is composed of Taranis team leaders and managers.

  • Emergency Operations Center (EOC) – A location established by the BCP Management Team for central coordination during the recovery efforts. This location will typically be established at Taranis Headquarters offices.


Disaster Risks and Prevention

As important as having a Business Continuity Plan is, taking measures to prevent a disaster or to mitigate its effects beforehand is even more important. This portion of the plan reviews the various threats that can lead to a disaster, and steps that should be taken to minimize Taranis risk. There are many forms of catastrophic loss that can occur. This section lists some of the events and situations that are considered when determining what to include in the plan.

Preventive Measures

Each potential disaster listed below is followed by the preventive measures in place for it.

Equipment / Hardware failure

Off Season - During off season, most equipment resides in Taranis Warehouse in Westfield, and is not operated. The equipment is stored in its original cases, in controlled temperature and humidity, in accordance with the manufacturer instructions. 

In Season  - During the US Crop Season, most equipment is out in the fields, used by DSPs (Drone Service Providers) or plane pilots. In case of a malfunction, the equipment is immediately replaced by similar reserve equipment located in Taranis Warehouse. The faulty equipment is then fixed by Taranis personnel or shipped to the vendor for maintenance/replacement.

Newly acquired equipment is always kept with the supplier until it is required by the DSP. This ensures that enough storage space is available and keeps logistics costs under control.

Manufacturer Enterprise Shield - An equipment support insurance contract covering repair or replacement of all hardware, applicable to the replacement of failed drones, batteries, laptops, etc.

Vendor repair agreement - The vendor provides technical support for low-level hardware failures. This shortens service turnaround time, maintains service uptime, and saves on insurance costs by not activating the shield unless necessary.

System and Software Failure (data corruption, programming errors)

Data backups – At all layers, including platform, application, and customer data.

24/7 application and technical support – This is addressed by the Taranis Support team.

Use of disk protection and shared storage technology at the platform and application level.

Power outage

Uninterruptible power supply (UPS) and backup generators to power systems in the event of a power failure. This service is supplied by the facilities provider.

Redundant power, cooling – An effective and efficient cooling infrastructure that is robust enough for the most complex high-power density deployments. This is addressed by Taranis in its network architecture and implementation standards in conjunction with services from the facilities provider to support the requirements.

Surge protection to minimize the effect of power surges on electronic equipment - This is addressed by the facilities provider by implementing both facilities grade protection as well as surge protected power strips at the rack level.

Malicious Activity (security violations, denial-of-service attack, sabotage, act of terrorism)

Infrastructure security - Hardening, change management procedures, risk assessment, patch management, password policy, periodic audit by an external auditor.

Network security – Segregation, Vulnerability scans, Intrusion Prevention System (IPS), TLS/SSL encrypted communication.

Application security - Security Development Lifecycle (SDL), Penetration tests, vulnerability assessment.

Data security - Data isolation, encryption, segregation.

Monitoring & Incident Management - 24x7 monitoring, Severity level 1 procedure, security breach notification.

Human Resources - Security awareness training, confidentiality agreements, adherence to regulations.

Compliance & Audit - Data processing agreements, independent audit.

Natural Disasters (earthquakes, floods, storms, tornados, hurricanes, natural fires)

Off season - During off season, most equipment resides in Taranis Warehouse in Westfield, and is not operated. In case of a natural disaster, as all equipment pieces are fully insured, Taranis will apply the insurance plan and use the funds to buy new gear and recover its operation.

In Season - During the US Crop Season, most equipment is out in the fields, used by DSPs (Drone Service Providers) or plane pilots. In case of a natural disaster in one of the hubs around the country, damaged or lost equipment can be replaced from the warehouse, and insurance claims can be applied in order to renew it. In case of a natural disaster in the warehouse itself, operation HQ can shift to an alternate site and continue from there, almost uninterrupted.

Fire prevention - Smoke and fire detection systems are installed throughout the office and warehouse.

Flooding - Flood risk is reviewed against FEMA maps (or equivalent) and 100-year flood plains during site selection and building design.

Earthquakes - The building code takes into consideration the geographical region, the type of soil the foundation sits on and the function of the building, then assigns Seismic Design Categories (A through F) on which structural engineers base their calculations. This is addressed by the facilities provider.

Taranis Facilities, Offices and Personnel Crisis

Taranis has multiple offices around the world; business operations are not dependent on one facility or office.

Taranis employees are cross trained to perform each other's jobs in their respective areas. 

Taranis employees can securely connect remotely to any Taranis system; when necessary, all Taranis employees may work remotely indefinitely.

Taranis Support Team continues to work 24x7.

Redundancy Strategies

The following are the redundancy strategies available in Taranis Network and Cloud environment:

  • Load balancing (GCP) - Taranis services are clustered and configured to elastically grow/shrink. When a specific instance goes down for any reason, it is replaced immediately by a new instance.

Backup Strategies

Taranis has a well-developed backup plan consisting of multiple daily DB snapshots. This guarantees that at any point in time, in case of a disaster, Taranis can access its full data in a remote and secured cloud backup. On a regular basis, Taranis performs a system backup to back up application files, database files, and storage files. Backup files are retained for 7-30 days. All backup files are subject to the privacy controls in practice at Taranis. The restore procedures are tested on an ongoing basis to ensure rapid restoration in case of data loss.

Disaster Detection and Determination

The detection of an event which could result in a disaster affecting Taranis systems is the responsibility of the Taranis Support Team, or of whoever in the Taranis organization first discovers or receives information about an emergency situation developing in one of the functional areas of Taranis services.

Disaster Notification

Whoever detects the disaster must notify Taranis Support. In addition to providing some fault tolerance in the initial response, this role sharing enables effective use of shifts during the disaster recovery process.

Taranis Support Team will establish the Emergency Operations Center (EOC) and monitor the evolving situation and, if appropriate, will then notify the BCP Management Team. The complete emergency contact list for Taranis is available to and periodically maintained by the Support team.

Determine Personnel Status

Taranis Support Team will determine the status of personnel working at the time of the disaster. The Support team will produce a list of those individuals currently present who will be available to aid in the recovery process. Caring for the well-being of people is the first priority immediately following a disaster.

Damage Assessment

To determine how the business continuity plan will be implemented following a severe disruption to service, it is essential to assess the nature and extent of the damage incurred.

Once the appropriate facilities provider’s contacts have been notified, the BCP Team Leaders will be contacted so that a preliminary determination can be made whether an onsite damage assessment is required or feasible.

Damage assessment is intended to quickly establish the extent of damage to mission critical systems and to the facility that houses them. Personnel safety remains the first priority.

During the Assessment, the following areas should be addressed:

  • Cause of the disaster or disruption

  • Potential for additional disruptions or damage

  • Area affected

  • Status of physical infrastructure (e.g., structural integrity of HQ and Warehouse, condition of electric power, telecommunications, and heating/ventilation/environmental conditions)

  • Inventory and functional condition of Taranis equipment

  • Type of damage to equipment or data (e.g., water, fire, physical impact, electrical surge)

  • Estimated time to restore normal services

Disaster Determination

The Damage Assessment process will determine the severity of the disaster and estimate the amount of time required to restore Taranis systems back to normal operations.

Taranis has classified disasters and emergencies into three levels – minor, major and catastrophic.

  • Minor Disaster - A minor disaster is characterized by an expected downtime of no more than 48 hours. Damage can be to hardware, software, and/or operating environment. Taranis systems can be restored to normal operations at the primary site and repairs can be started as soon as possible.

  • Major Disaster - A major disaster is characterized by an expected downtime of more than 48 hours but less than 7 days. A major disaster will normally have extensive damage to system hardware, software, networks, and/or operating environment. Taranis systems could be restored to normal operation with the assistance of certain recovery teams who will be called to direct restoration of normal operations at the primary site.

  • Catastrophic Disaster - A catastrophic disaster is characterized by expected downtime of greater than 7 days. The facility is destroyed to the extent that an alternate facility must be established. Damage to the system hardware, software, and/or operating environment requires total replacement / renovation of all impacted systems. The implementation of the Disaster Recovery Plan in a remote recovery site is required to restore Taranis services to normal operation.

Disaster Recovery Strategy

DR Strategies for Minor & Major Disasters

Data Loss caused by Equipment or Software Failure

This section details the activities needed to recover from data loss or corruption due to a minor or major disaster at the hardware and/or software level.

If the event was caused by software failure or human error, the DR Application Response Team will be notified.

Data Loss caused by data corruption or application issues

  • Software will be repaired or reinstalled, as appropriate.

  • Data restoration will be performed from an onsite or offsite backup.

  • Customer notification will be updated on Taranis Website.

Service Disruption caused by Cloud Provider Failure

  • Cloud provider-owned resolution activities will be tracked by the Taranis Support team through completion.

  • Customer notification will be updated on Taranis website.

Service Disruption Due to Taranis Equipment Failure

  • The system vendor will be contacted with a request for emergency service.

  • Equipment repair or replacement will be performed.

  • As needed, software configurations will be performed on the repaired or replaced Equipment.

  • Customer notification will be updated at Taranis website.

DR Strategy for Catastrophic Disaster

This section details the activities to be performed in response to a catastrophic disaster at the facilities level:

  • The BCP Team Leaders, in collaboration with the facilities provider, will evaluate the extent of the facilities loss.

  • If the primary facility will be out of service for more than 7 days, customer notification will be updated on the Taranis website.

  • An assessment of the condition of Taranis owned equipment will be performed. Equipment that is still usable will be identified and added to the available inventory list for use at the recovery site.

  • Simultaneously, a predetermined alternate facilities provider will be notified and engaged.

  • A list of needed equipment/hardware will be created. The procurement process will be initiated to order the needed equipment/hardware.

  • A plan and timeline for implementation of the recovery site will be finalized and distributed to Taranis’ customer stakeholders.

  • The implementation plan will be executed.

  • Taranis’ customer stakeholders will be notified of resumption of service at the alternative hosting facility.

Locate and Salvage Data and Equipment

Initial goals are to protect and preserve the salvageable equipment. Any piece of equipment that can be retrieved will be reclaimed by Taranis for use in the Recovery Site. In particular, drone parts, batteries and chargers will be identified and protected from the elements. Whenever possible, this equipment will be removed to a clean, dry environment away from the disaster site. Sending engineering staff to the remote disaster location will be considered as required.

Designate Recovery Site

An inspection of the HQ and warehouse will be performed by the BCP Team Leaders to determine what equipment is salvageable and the amount of time needed to restore the salvageable equipment back into working order. A decision regarding the use of a designated remote location will be made. This will provide a temporary location where computing and networking capabilities can be restored until the primary site is available. If estimates indicate that recovery at the original site will require more than 7 days, migration to the remote recovery site will be initiated by notifying and engaging with the predetermined alternate facilities provider.

Systems and Data Recovery

Taranis will use salvageable equipment if possible. For equipment that cannot be used and must be replaced, Taranis Procurement Team will contact the appropriate vendors.

Data recovery will be performed using backups retrieved from backup locations. Initial data recovery efforts will focus on restoring the operating system(s) for each system. Next, mission critical system data will be restored. After system data is restored, individual customer data will be restored.

Return to Restored Primary Sites

During the recovery process at the alternate remote site, physical restoration of the primary data center will begin. When the data center is ready for occupancy, the systems running at the alternate remote site will be moved back to the primary site.

Transferring Services back to primary Data Center

This section defines the steps to be taken in order to transfer services back to the primary hosting site after the use of a designated recovery site.

Operational readiness at the original primary site will be verified prior to the execution of this step. Once verified, the following steps will be initiated:

  • Migration schedule availability at the facilities supplier

  • Migration schedule availability with the customer

  • Cloud Services preparation for migration

  • Migration execution

  • Systems Acceptance Test (SAT) and User Acceptance Test (UAT) completion

  • Notice to Operations of Migration

Recovery Time Objectives and Recovery Point Objectives

RTO - Recovery Time Objectives

In case of a need for a complete recovery, Taranis will make an effort to recover the customer’s data as soon as possible. Depending on the nature of the disaster, the recovery may take between a few hours to several days and is based on the full backup that is made on a daily basis to our cloud environment.

RPO - Recovery Point Objectives

Taranis has adopted a rigid backup procedure to safeguard the customers' data. On a regular basis, Taranis performs system backups using best practice industry standards and centralized backup systems, including backups of the server configurations, application files, database files, and storage files. This includes daily backup snapshots of all the data. All backup files are subject to the privacy controls in use at Taranis. The restore procedures are tested on an ongoing basis to ensure rapid restoration in case of data loss. 
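The Backup Strategies and RPO sections above both state the same measurable policy: daily snapshots, retention of 7-30 days, and restore procedures that are actually exercised. The following is an added example (not Taranis code) of how a team could audit a snapshot inventory against that policy; the Snapshot class, the inventory, the names and timestamps are all constructed for illustration, and the default thresholds are the ones the document states.

```python
# Added example (not Taranis code): audit a backup inventory against the stated
# policy of daily snapshots, 7-30 day retention and tested restores.
# The Snapshot type, names, timestamps and the inventory itself are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Snapshot:
    name: str
    taken_at: datetime
    restore_verified: bool  # True if a test restore of this snapshot succeeded


def check_backup_policy(snapshots, now, rpo=timedelta(days=1),
                        min_retention_days=7, max_retention_days=30,
                        max_verify_age_days=30):
    """Return (code, message) findings; an empty list means the policy holds."""
    findings = []
    if not snapshots:
        return [("no_snapshots", "no snapshots in inventory")]
    ordered = sorted(snapshots, key=lambda s: s.taken_at, reverse=True)
    window = timedelta(days=max_retention_days)

    # RPO: the newest snapshot bounds how much data a full restore can lose.
    newest_age = now - ordered[0].taken_at
    if newest_age > rpo:
        findings.append(("rpo_exceeded",
                         f"newest snapshot {ordered[0].name} is {newest_age} old, RPO is {rpo}"))

    # Schedule gaps inside the retention window (a missed daily snapshot job).
    for younger, older in zip(ordered, ordered[1:]):
        gap = younger.taken_at - older.taken_at
        if gap > rpo and now - older.taken_at <= window:
            findings.append(("schedule_gap",
                             f"{gap} between {older.name} and {younger.name}"))

    # Retention: at least min_retention_days of history, purged past max_retention_days.
    oldest_age = now - ordered[-1].taken_at
    if oldest_age < timedelta(days=min_retention_days):
        findings.append(("retention_short",
                         f"oldest snapshot {ordered[-1].name} is only {oldest_age} old"))
    for s in ordered:
        if now - s.taken_at > window:
            findings.append(("retention_overrun",
                             f"{s.name} is {(now - s.taken_at).days} days old, "
                             f"past the {max_retention_days}-day limit"))

    # Restore testing: a backup that has never been restored is not a proven backup.
    verified = [s for s in ordered if s.restore_verified]
    if not verified:
        findings.append(("restore_untested", "no snapshot has a verified test restore"))
    elif now - verified[0].taken_at > timedelta(days=max_verify_age_days):
        findings.append(("restore_stale",
                         f"last verified restore ({verified[0].name}) is older "
                         f"than {max_verify_age_days} days"))
    return findings


def daily_snapshots(now, days, verified_every=7):
    """Constructed healthy inventory: one snapshot per day, a test restore once a week."""
    return [Snapshot(f"db-day-{d}", now - timedelta(days=d, hours=6), d % verified_every == 0)
            for d in range(days)]


# Constructed inventory with deliberate defects (a missed day, a long gap, an
# unpurged old snapshot), not real data.
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_SNAPSHOTS = [
    Snapshot("db-20240610-0600", NOW - timedelta(hours=6), True),
    Snapshot("db-20240609-0600", NOW - timedelta(days=1, hours=6), False),
    Snapshot("db-20240608-0600", NOW - timedelta(days=2, hours=6), False),
    # no snapshot for 2024-06-07
    Snapshot("db-20240606-0600", NOW - timedelta(days=4, hours=6), False),
    Snapshot("db-20240520-0600", NOW - timedelta(days=21, hours=6), True),
    Snapshot("db-20240425-0600", NOW - timedelta(days=46, hours=6), False),  # past 30 days
]

if __name__ == "__main__":
    for code, msg in check_backup_policy(SAMPLE_SNAPSHOTS, NOW):
        print(f"{code:18} {msg}")
```

Run as a script, the sample inventory reports two schedule gaps and one retention overrun; the healthy series from daily_snapshots() reports nothing. The check is intentionally conservative: gaps are only reported inside the retention window, because snapshots older than the window are expected to have been purged and their spacing carries no information.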

Plan Maintenance and Testing

A Business Continuity Plan is critical and must be maintained to ensure that it does not become obsolete. This section provides information about the maintenance procedures necessary to keep it up to date.

Business Continuity Coordinator (BCC)

The Business Continuity Coordinator has overall responsibility for the design, development, coordination, implementation, administration, training, awareness programs, and maintenance of the Business Continuity Plan. The BCC will follow the best practices established by the DRI International Professional Practices for Business Continuity Planners (see www.drii.org for the latest version).

In accordance with the DRII Professional Practices, the Business Continuity Coordinator is responsible for:

  • Providing BCP project coordination and management.

  • Performing risk evaluation and mitigation as required.

  • Developing and obtaining approval for the Business Continuity Strategy.

  • Developing and implementing the Business Continuity Plan.

  • Developing, maintaining, coordinating, testing and evaluating the BCP.

Business Continuity Plan Maintenance

The BCP will be annually evaluated and updated. All portions of the plan will be reviewed by the BCP management team. If portions of the Plan need to be changed, rewritten, or reviewed by specific cloud teams, that task will be assigned to the appropriate team. Additionally, the plan will be tested on a regular basis and any faults will be corrected. The BCP Management Team is responsible for overseeing the individual components and files and ensuring that they meet standards consistent with the rest of the Plan.

Testing the BCP

The Business Continuity Coordinator will conduct periodic tests of the Business Continuity Plan using different methodologies (such as: structured walk-through exercise, tactical exercise, and technical exercise for the BCP Team Leaders) or a combination of these methodologies. A report will be submitted to the BCP Management Team after the completion of the exercise that will detail the success and/or failure of the exercise. A discussion surrounding any improvements to the plan will occur. Any revisions to the document based upon the results of the test and the discussion in management will be integrated into the document.

For more information see: Disaster Recovery on Google Cloud
