Introduction

Purpose: The purpose of this Business Continuity Plan (BCP) is to outline the procedures and strategies Jitbit will implement to ensure the continuity of its critical services, particularly the Jitbit Helpdesk, a SaaS support ticketing system, in the event of an unexpected disruption. This plan aims to minimize the impact on business operations, protect assets, and ensure the safety and well-being of employees and customers.

Scope: This BCP covers the key components necessary to maintain the operational integrity of Jitbit's services, including critical functions, IT infrastructure, communication protocols, and recovery strategies. It is applicable to all forms of disruptions, whether natural, technological, or human-induced.

Objectives: The primary objectives of this BCP are to:

Ensure the rapid restoration of Jitbit's critical services with minimal downtime. Maintain clear and effective communication with employees, and customers during a disruption. Protect the company's data, assets, and reputation from potential damage.

Key Contacts and Responsibilities:

Max Al Farakh, CTO: Overall responsibility for the BCP, including coordination of recovery efforts and communication with stakeholders.

This BCP is a living document and will be regularly reviewed and updated to reflect changes in the business environment, technology, and potential risks. All employees are encouraged to familiarize themselves with this plan and understand their roles and responsibilities in the event of a disruption.

Key Services

Jitbit Helpdesk: The primary service provided by Jitbit is the Jitbit Helpdesk, a SaaS support ticketing system. This service is critical to the operations of Jitbit as it is the core product offered to customers. The Jitbit Helpdesk enables users to manage, track, and resolve support tickets efficiently, making it an essential tool for customer support teams.

The continuity of the Jitbit Helpdesk service is paramount to maintaining customer satisfaction and trust. In the event of a disruption, restoring this service will be the top priority to ensure that customers can continue to receive support and manage their tickets without significant delays.

Critical Functions

The critical functions necessary to deliver the Jitbit Helpdesk service are as follows:

1. Hosting and Infrastructure Maintenance: The availability and performance of the Jitbit Helpdesk platform are dependent on the robustness of its hosting environment and infrastructure. Maintaining the web servers, database servers, mail servers, and other supporting servers is crucial to ensure the service remains operational.
2. Customer Support and Communication: Providing timely and effective support to customers is a core function of the Jitbit Helpdesk service. This includes managing support tickets, responding to customer inquiries, and resolving issues.
3. Data Management and Security: Ensuring the integrity, availability, and security of customer data is a critical function. This includes regular backups, data encryption, and implementing security measures to protect against unauthorized access or data breaches.
4. Software Development and Updates: Continuous development and updates to the Jitbit Helpdesk software are essential to address bugs, improve functionality, and meet evolving customer needs.
5. Billing and Subscription Management: Managing customer subscriptions, processing payments, and handling billing inquiries are vital functions to maintain the financial health of the business.

In the event of a disruption, these critical functions will be prioritized for recovery to minimize the impact on customers and the overall business operations.

IT Infrastructure

The critical IT systems and applications supporting Jitbit's business operations are as follows:

1. Web Servers: Host the Jitbit Helpdesk platform, ensuring its availability and performance for users.
2. Database Servers: Store and manage the data for the Jitbit Helpdesk, including customer information, support tickets, and user activity.
3. Mail Servers: Handle the sending and receiving of emails related to support tickets and customer communication.
4. Other Supporting Servers: Include servers for backup, security, and additional services that support the overall functionality of the Jitbit Helpdesk.
5. Cloud Hosting Provider: Jitbit relies on Amazon AWS us-east-1 as its critical cloud hosting provider, which hosts the infrastructure and provides scalability, reliability, and security.

The continuity and resilience of these IT systems are essential for the uninterrupted operation of the Jitbit Helpdesk service. Regular maintenance, monitoring, and security measures are in place to ensure the stability and security of the IT infrastructure. In the event of a disruption, restoring these systems will be a top priority to resume normal business operations.

Backup Solutions

Jitbit has implemented comprehensive backup solutions to ensure the continuity of data and IT infrastructure in the event of a disruption. All critical data, including customer information, support tickets, and system configurations, are backed up regularly to secure offsite locations. This ensures that data can be quickly restored in the event of data loss or corruption. Full backups of application servers and other critical servers are performed regularly. These backups include system state, application data, and configurations, allowing for rapid restoration of services.

Jitbit leverages cloud-based backup solutions to provide additional redundancy and scalability. These solutions enable quick recovery of data and systems in case of a major disruption.

Regular testing of backup systems and procedures is conducted to ensure that data can be effectively restored when needed.

More information on the backup strategy.

Alternative Work Locations

Jitbit is a remote-only company, meaning that there is no physical office space. Instead, employees work from various locations, leveraging digital tools and platforms to collaborate and perform their duties. This remote work model provides flexibility and resilience in the face of disruptions that may impact physical office spaces, such as natural disasters or public health crises.

In the event of a disruption that affects an employee's ability to work from their usual location, the following measures are in place:

1. Remote Work Capabilities: All employees are equipped with the necessary tools and technology to work remotely, including laptops, secure access to company systems, and communication tools like email and video conferencing.
2. Flexible Work Arrangements: Employees are encouraged to find alternative work locations that are safe and conducive to productivity, such as home offices, coworking spaces, or other remote locations.
3. Support for Remote Work: Jitbit provides support and resources to ensure that employees can maintain their productivity and well-being while working remotely. This includes guidelines for setting up a home office, tips for remote collaboration, and access to mental health resources.

By embracing a remote work model, Jitbit is able to maintain business continuity and adapt to various disruptions without relying on a physical office space.

Communication Plan

In the event of a disruption, Jitbit has established a communication plan to ensure timely and effective communication with employees, customers, and stakeholders. The communication plan includes the following components:

Internal Communication:

1. Primary Channel: Internal chat will be the primary mode of communication for internal updates and instructions.
2. Secondary Channels: In case of the chat service disruption, alternative channels such as instant messaging platforms and phone calls will be used.
3. Communication Team: A designated communication team, led by the CTO, will be responsible for coordinating internal communication efforts. External Communication:
4. Customer Communication: Updates regarding service disruptions and recovery efforts will be communicated to customers via the official status page (https://statuspage.jitbit.com) and the company's Twitter account. Communication Priorities:
5. Immediate Priorities: The initial focus will be on communicating the nature of the disruption, the expected impact on services, and the steps being taken to address the situation.
6. Ongoing Updates: Regular updates will be provided to keep all parties informed about the recovery progress and any changes to the situation.
7. Post-Recovery Communication: Once the disruption is resolved, a final communication will be issued to confirm the restoration of services and to provide any relevant information about the incident.

The communication plan is designed to ensure transparency, maintain trust, and provide reassurance to all parties involved during a disruption.

Recovery Time Objectives

Jitbit has established Recovery Time Objectives (RTOs) to define the maximum acceptable downtime periods for its critical functions and IT systems. These objectives are crucial for setting expectations and prioritizing recovery efforts in the event of a disruption. The RTOs for Jitbit's critical services are as follows:

Jitbit Helpdesk Service: 8 hours This RTO reflects the maximum acceptable downtime for the Jitbit Helpdesk platform to be fully operational and accessible to customers.

IT Infrastructure: Webserver: 4 hours Database Server: 8 hours Mail Servers: 4 hours Other Supporting Servers: 4 hours

These RTOs indicate the maximum acceptable downtime for the restoration of each component of the IT infrastructure to ensure the continuity of the Jitbit Helpdesk service.

Customer Support and Communication: 8 hours This RTO represents the maximum acceptable time to re-establish effective communication channels with customers and resume support services.

These RTOs are established based on the criticality of each function to the overall business operations and the potential impact of downtime on customers and the company's reputation. Jitbit's recovery strategies are designed to ensure that these objectives can be met in the event of a disruption.

Supplier Dependencies

Jitbit relies on critical suppliers and third-party services to support its operations. One of the key dependencies is:

Amazon AWS us-east-1: Jitbit's hosting services, including the infrastructure for the Jitbit Helpdesk platform, are dependent on Amazon AWS us-east-1. This includes web servers, database servers, and other cloud-based resources. In the event of a disruption affecting Amazon AWS us-east-1, Jitbit has the following measures in place:

1. Service Level Agreements (SLAs): Jitbit has established SLAs with Amazon AWS to ensure timely response and resolution of any service disruptions.
2. Backup Hosting Provider: Jitbit maintains a contingency plan with a backup hosting provider to ensure that services can be quickly migrated and restored in the event of a prolonged outage with Amazon AWS.
3. Regular Monitoring: Jitbit continuously monitors the performance and availability of Amazon AWS services to detect and address potential issues promptly.

By managing these supplier dependencies, Jitbit aims to minimize the risk of disruptions to its operations and ensure the continuity of its services.

Response and Recovery Procedures

Jitbit has established specific procedures for responding to and recovering from various types of disruptions. These procedures are designed to ensure a coordinated and effective response to incidents, minimize downtime, and restore critical functions as quickly as possible.

General Response Procedure:

Incident Detection: Monitor systems and services for any signs of disruption. Employees are encouraged to report any issues or anomalies immediately. Incident Assessment: Assess the severity and impact of the incident to determine the appropriate response level. Activation of BCP: If the incident is deemed significant, activate the Business Continuity Plan and assemble the response team. Communication: Implement the communication plan to keep employees, customers, and stakeholders informed about the situation and recovery efforts. Containment and Mitigation: Take immediate actions to contain the incident and mitigate its impact on business operations.

Recovery Procedures:

IT Infrastructure Recovery: Restore backups for affected servers and systems. Work with the hosting provider (Amazon AWS) to resolve any infrastructure-related issues. Conduct tests to ensure systems are fully functional before resuming normal operations. Jitbit Helpdesk Service Recovery: Prioritize the restoration of the Jitbit Helpdesk platform to ensure customers can access support services. Coordinate with the development team to address any software-related issues. Customer Support and Communication Recovery: Re-establish communication channels with customers, including email and the official status page. Provide updates and support to customers affected by the disruption. Post-Recovery Review: Conduct a thorough review of the incident, the effectiveness of the response, and the recovery process. Identify lessons learned and areas for improvement in the Business Continuity Plan.

By following these response and recovery procedures, Jitbit aims to minimize the impact of disruptions on its operations and ensure a swift return to normal business activities.

Training and Testing

To ensure the effectiveness of the Business Continuity Plan (BCP), Jitbit has implemented training and testing programs for its employees and key personnel. These programs are designed to prepare the team for responding to disruptions and to evaluate the plan's effectiveness in real-world scenarios.

Training:

1. BCP Awareness: All employees are provided with an overview of the BCP, including their roles and responsibilities in the event of a disruption.
2. Role-Specific Training: Key personnel, such as the CTO and IT team members, receive detailed training on their specific tasks and responsibilities within the BCP.
3. Communication Training: Employees involved in communication during a disruption are trained on the communication plan, including how to use various channels effectively and maintain clear and consistent messaging.
4. Regular Updates: Training sessions are updated and conducted regularly to reflect changes in the BCP, new threats, and lessons learned from previous incidents or tests.

Testing:

1. Tabletop Exercises: Simulated scenarios are used to walk through the BCP and test the response of key personnel. These exercises help identify gaps and areas for improvement in the plan.
2. Technical Drills: Specific technical drills, such as backup restoration tests and failover procedures, are conducted to ensure the readiness of IT systems and infrastructure.
3. Full-Scale Tests: Periodically, a full-scale test is conducted, simulating a major disruption to evaluate the overall effectiveness of the BCP and the coordination among different teams.
4. After-Action Reviews: Following each test, an after-action review is conducted to assess the performance, gather feedback, and identify areas for improvement.

Training and testing are integral components of maintaining a robust and effective Business Continuity Plan, ensuring that Jitbit is prepared to respond efficiently and effectively to any disruption.

Maintenance and Review

To ensure the Business Continuity Plan (BCP) remains relevant and effective, Jitbit has established a process for regular maintenance and review of the plan. This process includes:

1. Regular Review Schedule: The BCP is reviewed and updated at least annually or more frequently if significant changes occur in the business environment, technology, or organizational structure.
2. Change Management: Any changes to critical systems, processes, or personnel are evaluated for their impact on the BCP, and the plan is updated accordingly.
3. Lessons Learned: After any incident or disruption, a review is conducted to identify lessons learned and areas for improvement. These insights are incorporated into the BCP to enhance its effectiveness.
4. Training and Testing Updates: As the BCP is updated, corresponding changes are made to training programs and testing scenarios to ensure they reflect the current plan.
5. Documentation and Communication: All updates to the BCP are documented, and relevant stakeholders are informed about any changes to the plan.

By maintaining and regularly reviewing the BCP, Jitbit ensures that the plan evolves with the organization and remains a robust framework for responding to and recovering from disruptions.