Business Continuity and Disaster Recovery Policy

This Business Continuity and Disaster Recovery Policy establishes a comprehensive framework to ensure the continuity of critical business operations and the rapid recovery of ICT systems in compliance with the Digital Operational Resilience Act (DORA). This policy aims to minimize downtime, protect organizational assets, and maintain regulatory compliance during disruptions.

• Business Impact Analysis (BIA): Identifies critical operations and determines Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
• Risk Assessment and Mitigation: Regularly assesses threats like cyberattacks and natural disasters, implementing controls such as redundant systems and failovers.
• Continuity and Recovery Plans: Develops and integrates Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) to maintain operations and restore systems efficiently.
• Testing and Validation: Conducts regular drills and simulations to ensure plan effectiveness and operational resilience.
• Third-Party Dependencies: Monitors vendor compliance with BC/DR requirements and incorporates continuity clauses in contracts.
• Regulatory Compliance: Ensures adherence to DORA and maintains detailed records of disruptions and recovery efforts.

This policy supports operational excellence by enhancing the organization's ability to withstand and recover from disruptions effectively.