The Taranis systems Business Continuity Plan is a comprehensive statement of the actions to be taken before, during and after a disaster. The plan is designed to reduce risk to an acceptable level by ensuring the restoration of critical functions and services within a short time frame, and of all essential production within a longer, but permissible, time frame. It identifies the critical functions and services of Taranis and the resources required to support them. Guidelines and recommendations are provided to ensure that the needed personnel and resources are available for disaster preparation, assessment and response, permitting the timely restoration of services.
Business Continuity Plan (BCP) - a document describing a set of arrangements, resources, and sufficient procedures that enable an organization to respond to a disaster and resume its critical operations within a predefined time frame without incurring unacceptable operational impacts.
Disaster Recovery Plan (DRP) – a technical document describing the processes, policies, and procedures related to implementing precautionary measures and preparing for the recovery, continuation, or resumption of services in the event a catastrophic event occurs.
Disaster – a sudden, unplanned catastrophic event that causes a complete loss or significant disruption of customers' mission-critical services. The primary objective of the plan is to minimize the risk of low-level events and to minimize the impact of major high-level events.
The principal objective of the business continuity plan is to develop, test and document a well-structured and easily understood plan which will help Taranis systems recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts Taranis systems and business operations.
The objectives of this document are:
Develop a Business Continuity Plan structure for managing a disaster that affects the Taranis systems.
Document critical information and procedures as required for the implementation of the Business Continuity Plan.
Present a course of action for restoring critical cloud services within a minimum number of days of initiation of the plan.
Provide guidelines with an escalation plan for a disaster declaration that will result in the execution of this Business Continuity Plan.
Describe an organizational structure for carrying out the plan and ensure that all employees fully understand their duties in implementing such a plan.
Ensure an orderly recovery after a disaster occurs, minimizing risk of lost production or services.
Taranis management has approved the following policy statement:
The company shall develop a comprehensive Business Continuity Plan.
A formal risk assessment shall be undertaken to determine the requirements for the Business Continuity Plan.
The Business Continuity Plan shall cover all essential and critical infrastructure elements, systems and services, in accordance with key business activities.
The Business Continuity Plan shall be periodically tested to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.
Taranis staff shall be made aware of the Business Continuity Plan and their own respective roles and responsibilities.
The Business Continuity Plan shall be kept up to date to reflect changing circumstances.
The Business Continuity Plan has been developed and maintained based on the following assumptions:
This document plans for the major/worst-case disaster. If an outage of services occurs to a lesser degree, this plan also addresses that incident.
The cause of the disaster affects only one Taranis location at a time (TLV, Westfield, Brazil or GCP).
BCP Management Team - Responsible for the overall direction, decision-making, and approvals required to implement the Business Continuity Plan. The team is composed of the Taranis VP R&D and engineering managers who are responsible for leadership within their respective areas.
Business Continuity Coordinator (BCC) – A member of the BCP Management Team with responsibility for the development, coordination, training, testing and implementation of the Business Continuity Plan.
BCP Team Leaders - Responsible for carrying out the tasks and provisions of the Business Continuity Plan including assigning tasks to staff, obtaining offsite data backups, contacting vendors, monitoring work progress and reporting the status to the BCP Management Team. The team is composed of Taranis team leaders and managers.
Emergency Operations Center (EOC) – A location established by the BCP Management Team for central coordination during the recovery efforts. This location will typically be established at Taranis Headquarters offices.
As important as having a Business Continuity Plan is, taking measures to prevent a disaster or to mitigate its effects beforehand is even more important. This portion of the plan reviews the various threats that can lead to a disaster, and steps that should be taken to minimize Taranis risk. There are many forms of catastrophic loss that can occur. This section lists some of the events and situations that are considered when determining what to include in the plan.
The following are the redundancy strategies available in Taranis Network and Cloud environment:
Load balancing (GCP) - Taranis services are clustered and configured to grow and shrink elastically. When a specific instance goes down for any reason, it is replaced immediately by a new instance.
Taranis has a well-developed backup plan consisting of multiple daily DB snapshots. This ensures that at any point in time, in case of a disaster, Taranis can access its full data from a remote and secured cloud backup. On a regular basis, Taranis performs a system backup covering application files, database files, and storage files. Backup files are retained for 7-30 days. All backup files are subject to the privacy controls in practice at Taranis. The restore procedures are tested on an ongoing basis to ensure rapid restoration in case of data loss.
The detection of an event which could result in a disaster affecting Taranis systems is the responsibility of the Taranis Support Team, or of whoever in the Taranis organization first discovers or receives information about an emergency situation developing in one of the functional areas of Taranis Services.
Whoever detects the disaster must notify Taranis Support. In addition to providing some fault tolerance in the initial response, this role sharing enables effective use of shifts during the disaster recovery process.
Taranis Support Team will establish the Emergency Operations Center (EOC) and monitor the evolving situation and, if appropriate, will then notify the BCP Management Team. The complete emergency contact list for Taranis is available to and periodically maintained by the Support team.
Taranis Support Team will determine the status of personnel working at the time of the disaster. The Support team will produce a list of those individuals currently present who will be available to aid in the recovery process. Caring for the well-being of people is the first priority immediately following a disaster.
To determine how the business continuity plan will be implemented following a severe disruption to service, it is essential to assess the nature and extent of the damage incurred.
Once the appropriate facilities provider’s contacts have been notified, the BCP Team Leaders will be contacted so that a preliminary determination can be made whether an onsite damage assessment is required or feasible.
Damage assessment is intended to quickly establish the extent of damage to mission-critical systems and to the facility that houses them. Personnel safety remains the first priority.
During the Assessment, the following areas should be addressed:
Cause of the disaster or disruption
Potential for additional disruptions or damage
Status of physical infrastructure (e.g., structural integrity of HQ and Warehouse, condition of electric power, telecommunications, and heating/ventilation/environmental conditions)
Inventory and functional condition of Taranis equipment
Type of damage to equipment or data (e.g., water, fire, physical impact, electrical surge)
Estimated time to restore normal services
The Damage Assessment process will determine the severity of the disaster and estimate the amount of time required to restore Taranis systems back to normal operations.
Taranis has classified disasters and emergencies into three levels – minor, major and catastrophic.
Minor Disaster - A minor disaster is characterized by an expected downtime of no more than 48 hours. Damage can be to hardware, software, and/or the operating environment. Taranis systems can be restored to normal operations at the primary site, and repairs can be started as soon as possible.
Major Disaster - A major disaster is characterized by an expected downtime of more than 48 hours but less than 7 days. A major disaster will normally have extensive damage to system hardware, software, networks, and/or operating environment. Taranis systems could be restored to normal operation with the assistance of certain recovery teams who will be called to direct restoration of normal operations at the primary site.
Catastrophic Disaster - A catastrophic disaster is characterized by expected downtime of greater than 7 days. The facility is destroyed to the extent that an alternate facility must be established. Damage to the system hardware, software, and/or operating environment requires total replacement / renovation of all impacted systems. The implementation of the Disaster Recovery Plan in a remote recovery site is required to restore Taranis services to normal operation.
This section details the activities needed to restore data loss or corruption due to a minor or major disaster at the hardware and/or software level.
If the event was caused by software failure or human error, the DR Application Response Team will be notified.
Data Loss caused by data corruption or application issues
Software will be repaired or reinstalled, as appropriate.
Data restoration will be performed from an onsite or offsite backup.
Customer notification will be updated on Taranis Website.
Service Disruption caused by Cloud Provider Failure
Cloud provider-owned resolution activities will be tracked by the Taranis Support Team through completion.
Customer notification will be updated on Taranis website.
Service Disruption Due to Taranis Equipment Failure
The system vendor will be contacted with a request for emergency service.
Equipment repair or replacement will be performed.
As needed, software configurations will be performed on the repaired or replaced Equipment.
Customer notification will be updated at Taranis website.
This section details the activities to be performed in response to a catastrophic disaster at the facilities level:
The BCP Team Leaders, in collaboration with the facilities provider, will evaluate the extent of the facilities loss.
If the primary facility will be out of service for more than 7 days, customer notification will be updated at Taranis website.
An assessment of the condition of Taranis owned equipment will be performed. Equipment that is still usable will be identified and added to the available inventory list for use at the recovery site.
Simultaneously, a predetermined alternate facilities provider will be notified and engaged.
A list of needed equipment/hardware will be created. The procurement process will be initiated to order the needed equipment/hardware.
A plan and timeline for implementation of the recovery site will be finalized and distributed to Taranis’ customer stakeholders.
The implementation plan will be executed.
Taranis’ customer stakeholders will be notified of resumption of service at the alternative hosting facility.
Locate and Salvage Data and Equipment
Initial goals are to protect and preserve the salvageable equipment. Any piece of equipment that can be retrieved will be reclaimed by Taranis for use in the Recovery Site. In particular, drone parts, batteries and chargers will be identified and protected from the elements. Whenever possible, this equipment will be removed to a clean, dry environment away from the disaster site. Sending engineering staff to the remote location of the disaster will be considered as required.
Designate Recovery Site
An inspection of the HQ and warehouse will be performed by the BCP Team Leaders to determine what equipment is salvageable and the amount of time needed to restore the salvageable equipment back into working order. A decision regarding the use of a designated remote location will be made. This will provide a temporary location where computing and networking capabilities can be restored until the primary site is available. If estimates indicate that recovery at the original site will require more than 7 days, migration to the remote recovery site will be initiated by notifying and engaging with the predetermined alternate facilities provider.
Systems and Data Recovery
Taranis will use salvageable equipment if possible. For equipment that cannot be used and must be replaced, Taranis Procurement Team will contact the appropriate vendors.
Data recovery will be performed using backups retrieved from backup locations. Initial data recovery efforts will focus on restoring the operating system(s) for each system. Next, mission critical system data will be restored. After system data is restored, individual customer data will be restored.
Return to Restored Primary Sites
During the recovery process at the alternate remote site, physical restoration of the primary data center will begin. When the data center is ready for occupancy, the systems running at the alternate remote site will be moved back to the primary site.
Transferring Services back to primary Data Center
This section defines the steps to be taken in order to transfer services back to the primary hosting site after the use of a designated recovery site.
Operational readiness at the original primary site will be verified prior to the execution of this step. Once verified, the following steps will be initiated:
Migration schedule availability at the facilities supplier
Migration schedule availability with the customer
Cloud Services preparation for migration
Systems Acceptance Test (SAT) and User Acceptance Test (UAT) completion
Notice to Operations of Migration
In case of a need for a complete recovery, Taranis will make every effort to recover the customer's data as soon as possible. Depending on the nature of the disaster, the recovery may take between a few hours and several days and is based on the full backup that is made daily to our cloud environment.
Taranis has adopted a rigorous backup procedure to safeguard customers' data. On a regular basis, Taranis performs system backups using industry best practices and centralized backup systems, including backups of server configurations, application files, database files, and storage files. This includes daily backup snapshots of all the data. All backup files are subject to the privacy controls in use at Taranis. The restore procedures are tested on an ongoing basis to ensure rapid restoration in case of data loss.
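The backup policy stated here and in the redundancy section above (daily snapshots, 7-30 day retention, restores tested on an ongoing basis) is only as good as the checks that confirm it is actually being met. The following is an added worked example, not Taranis' own tooling: it runs three checks over a constructed snapshot inventory (freshness of the newest snapshot, day-by-day coverage of the retention window, snapshots that outlived the maximum retention and should have been pruned) and verifies a restore by comparing the restored payload's digest with the digest recorded when the snapshot was taken. The inventory, the "restored" payload and the timestamps are sample data built inline; a real deployment would read the inventory from the backup system's snapshot listing.

```python
"""Backup-policy verification checks (added example, constructed data).

Models a daily-snapshot policy: at least one snapshot per day, snapshots
retained for 7-30 days, and restores verified against a recorded digest.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SNAPSHOT_AGE = timedelta(hours=24)   # "daily": a newest snapshot older than this is a miss
MIN_RETENTION = timedelta(days=7)        # every day in this window must have a snapshot
MAX_RETENTION = timedelta(days=30)       # anything older must already be deleted


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _sample_payload(day: int) -> bytes:
    # Constructed stand-in for the contents of one day's DB snapshot.
    return f"sample-db-dump-day-{day}".encode()


# Fixed "now" so the example is deterministic (assumption: UTC timestamps).
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

# Constructed inventory: one snapshot per day for the last 10 days, plus one
# stale snapshot (35 days old) that a 30-day retention should have pruned.
INVENTORY = [
    {
        "id": f"snap-{d:02d}",
        "created_at": NOW - timedelta(days=d, hours=1),
        "sha256": sha256_hex(_sample_payload(d)),   # digest recorded at snapshot time
    }
    for d in list(range(0, 10)) + [35]
]


def newest(snapshots):
    return max(snapshots, key=lambda s: s["created_at"])


def freshness_ok(snapshots, now=NOW, max_age=MAX_SNAPSHOT_AGE) -> bool:
    """True if the newest snapshot is no older than max_age."""
    return now - newest(snapshots)["created_at"] <= max_age


def daily_gaps(snapshots, now=NOW, window=MIN_RETENTION):
    """Days (0 = today) inside the retention window with no snapshot; empty means full coverage."""
    covered = {(now - s["created_at"]).days for s in snapshots}
    return [d for d in range(window.days) if d not in covered]


def retention_violations(snapshots, now=NOW, max_age=MAX_RETENTION):
    """IDs of snapshots older than max_age: data that the policy says must be gone."""
    return [s["id"] for s in snapshots if now - s["created_at"] > max_age]


def restore_verified(snapshot, restored: bytes) -> bool:
    """Restore test: the restored payload must hash to the digest recorded for the snapshot."""
    return hmac.compare_digest(sha256_hex(restored), snapshot["sha256"])


def run_checks(snapshots=INVENTORY, now=NOW) -> dict:
    latest = newest(snapshots)
    return {
        "fresh": freshness_ok(snapshots, now),
        "gaps": daily_gaps(snapshots, now),
        "over_retention": retention_violations(snapshots, now),
        # The "restore" here is the constructed payload for the newest snapshot.
        "restore_ok": restore_verified(latest, _sample_payload(0)),
        # A corrupted or truncated restore must be reported, not silently accepted.
        "restore_tamper_detected": not restore_verified(latest, _sample_payload(0) + b"\x00"),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

With the constructed inventory, the checks report the newest snapshot as fresh, no gaps inside the 7-day window, snap-35 as a retention violation, and the restore test as passing while the altered payload is rejected. The same functions, fed the real snapshot listing and a restored dump, give the evidence that the "restore procedures are tested on an ongoing basis" statement needs.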
A Business Continuity Plan is critical and must be maintained to ensure that it does not become obsolete. This section provides information about the maintenance procedures necessary to keep it up to date.
The Business Continuity Coordinator has overall responsibility for the design, development, coordination, implementation, administration, training, awareness programs, and maintenance of the Business Continuity Plan. The BCC will follow the best practices established by the DRI International Professional Practices for Business Continuity Planners (see www.drii.org for the latest version).
In accordance with the DRII Professional Practices, The Business Continuity Coordinator is responsible for:
Providing BCP project coordination and management.
Performing risk evaluation and mitigation as required.
Developing and obtaining approval for the Business Continuity Strategy.
Developing and implementing the Business Continuity Plan.
Developing, maintaining, coordinating, testing and evaluating the BCP.
The BCP will be annually evaluated and updated. All portions of the plan will be reviewed by the BCP management team. If portions of the Plan need to be changed, rewritten, or reviewed by specific cloud teams, that task will be assigned to the appropriate team. Additionally, the plan will be tested on a regular basis and any faults will be corrected. The BCP Management Team is responsible for overseeing the individual components and files and ensuring that they meet standards consistent with the rest of the Plan.
The Business Continuity Coordinator will conduct periodic tests of the Business Continuity Plan using different methodologies (such as: structured walk-through exercise, tactical exercise, and technical exercise for the BCP Team Leaders) or a combination of these methodologies. A report will be submitted to the BCP Management Team after the completion of the exercise that will detail the success and/or failure of the exercise. A discussion surrounding any improvements to the plan will occur. Any revisions to the document based upon the results of the test and the discussion in management will be integrated into the document.
For more information see: Disaster Recovery on Google Cloud