Business Continuity Program

Businesses of varying scales and sizes come to Appy Pie’s no code platform for multiple services and products and depend upon the platform for carrying out different functions that are critical to the business.

This is why the reliability of our platform, products, and services is critical for our clients to build relationships and trust with their customers, partners, and employees at scale. We take appropriate steps to protect our clients and their products/services through our platform architecture, resiliency practices and requirements built into our development and operational processes and by maintaining a business continuity plan to lower risks and to offer protection to our people, clients, and our offerings.

Our Program

The top priorities here at Appy Pie are our people, our offerings, and our clients and the Business Continuity Program is committed to provide solutions and strategies that protect them. Our Business Continuity Program is in line with ISO 22301 Business Continuity Management System.

The scope of Appy Pie Business Continuity Program encompasses all the customer-facing products and services in addition to the internal processes and the teams supporting their delivery.

The Team

Appy Pie has a dedicated Business Continuity and Disaster Recovery Team which consists of experienced professionals who have designed and implemented custom business continuity and disaster recovery programs for entities of varying size and type and have optimum experience in regulated frameworks and cloud service architecture. This makes it easy for the team to collaborate with other risk disciplines and make information sharing easier. It is the responsibility of the team to work closely with all the business functions across the organization to plan for potential or real crises and ensure the continuation of Appy Pie’s business and for the business of their clients.

What is Business Continuity?

Appy Pie adheres to the ISO 22301 definition of business continuity. “The capability of the business to continue the delivery of products and services at acceptable, predefined levels following a business disruption.”

Eventually, the idea is to provide everyone including employees, partners, clients, or any other stakeholders with a robust confidence that we hold the ability to offer our services and products and continue our business. This resilience that we claim to have is not to be taken lightly as it entails a continual effort because the environment and the business are continuously evolving.

Approach

At Appy Pie, we use a top-down approach to scope the business continuity program, which means that we start with the products and services we offer and then work our way back to select the teams, functions, and resources that support their delivery. The program includes a mix of experts from engineering, tech support, some critical back-office teams and functions that enable Appy Pie in important ways.

Why is this important to us at Appy Pie?

We, at Appy Pie believe in investing in business continuity planning and proactive measures to protect the business because it is important for several reasons.

 

Protecting our own

When we invest in business continuity, we are essentially investing in our people. It is of prime importance to address any vulnerabilities that may compromise the safe and healthy work environment offered to our people

Managing threats and lowering risks

The business continuity program at Appy Pie assesses and tracks any risk across all the aspects of business. With a well-rounded approach to finding, reporting, and managing the risks, we actively alleviate threats, and lessen siloed approach to problem solving.

Customer assurance

Appy Pie’s aim is in making technology affordable and available to businesses of all scale and size and to realize that aim, it is of critical importance that we take appropriate steps to offer reliable services to our customers.

Business continuity and the related strategic planning lets our people consider the wide spectrum of risks that may interfere with our ability to serve our customers.

International standards

Appy Pie takes pride in abiding by international standards and has acquired certifications of international standards including ISO 27001 and ISO 22301 in particular that are gold standards for business continuity planning.

Our process

Our business continuity program needs to have a more holistic approach when it comes to identifying and addressing risks in time while ensuring that all aspects of the business are considered properly. As a tech company, it is natural to mistakenly plan only for disruptions on the tech front, but it may take a lot more than robust tech infrastructure for maintaining the operation standards our clients expect from us. This is why we make sure that our business continuity program considers not just our platform, but also the systems, facilities, third-party relationships, and of course our diligent team to keep things going the way they should.

Business impact analysis

We conduct an annual business impact analysis to understand the business requirements, establish recovery objectives and identify gaps and vulnerable points. The requirements and objectives that are established during the business impact analysis are transferred to the team involved in strategy analysis and planning process.

Any risks or threats identified are reported to the Business Continuity and IT Disaster Recovery Steering Committee for prioritization and are tracked through a mitigation process.

Strategy analysis

Once the business impact analysis is complete, the team works closely with the Steering Committee and the functional owners to identify the current-state strategies for recovery in case an event takes place. Additionally, we also observe and document the areas where our capabilities can be improved and decide how it can be done.

Business continuity planning

Now that the strategy is in place, the business continuity plans are tweaked to stipulate how the teams would respond in the event of any disruption. Business continuity plans are developed for every in-scope team which has ownership of the plan and validates that it is usable, actionable and precise. These plans are annually reviewed, updated, and approved or in case there is a significant change in the organization.

With a resource-based planning approach and focus on documenting realistic, current-state strategies in case of loss of a critical resource like an application, tech system, facility, third-party software or equipment, people, or any other important enabler of critical functions.

Each of the business continuity plans are designed to enable the recovery and restoration of our products and services and the Recovery Time Objectives (RTOs) are established on the basis of predicted impacts from a disruption, enabling and protecting our customer-facing SLAs. These RTOs or timeframes are decided in a way so that we can meet our internal and external commitments.

Resilience and Risk Mitigation

While a business runs its operations, it is important that businesses adapt to any disruptions that occur. During these interruptions, it is essential that businesses safeguard people, overall brand equity and assets. The important factor to make a business resilient is to mitigate risk through a comprehensive, proactive, and methodical approach.

  • To mitigate risks, Appy Pie frequently conducts risk assessments and business impact analysis (BIA).

  • Appy Pie develops a risk framework and strategy to account for the evaluation of your facilities, technology, applications, data, processes and overall organization.

Redundancy and Recoverability

To ensure high service availability, Appy Pie removes single points of failure. We use server clustering and network redundancies to ensure easy data recovery. Subscribed to AWS, Appy Pie has multiple Availability Zones (AZs) for creating a BCP that keeps all data safe and recoverable.

  • Appy Pie uses fully redundant, distributed, and automated environment consisting of multiple AZs to minimize the impact of any event.

  • Appy Pie uses redundant mesh-edge network design that delivers robust networking through a number of paths.

  • We use multi AZs RDS instances to minimize impact of any event. For the protection of your entire database, we have daily snapshots which are maintained for 35 days and also offer point in time recovery.

  • We handle failure of underlying hardware components quickly and easily with the support of AWS.

Enhanced Disaster Recovery

While our business continuity and disaster recovery services are great, we have taken special care and attention to reinforce our levels of security and recoverability. This is where our Enhanced Disaster Recovery services come in. Our customers are assigned in two Performance Optimized Datacenter (POD) – a primary POD and a secondary POD. The secondary POD contains an automated volume backup which is taken twice a day and maintained for 6 months. Both PODs are located in different AZs. This is to ensure that in the event of a significant disaster, Appy Pie can failover from the primary POD to the secondary POD more seamlessly.

  • The Enhanced Disaster Recovery services provide an extra layer of protection and contains an automated volume backup (AMI/Snapshot). This practice lessens the chance of any data loss as the result of a significant disaster.

  • Our secondary POD has a full application stack and dedicated redundant capacity in place to be launched as needed.

  • We have S3 bucket versioning enabled for prevention of any data loss by human/machine error.

  • We have extensively tested our Enhanced DR functionality.

 

Incident response

We have a formal incident management process at Appy Pie which includes the triggers and escalation criteria on the basis of the severity and priority of the incident. This includes incident diagnosis, escalation, investigation, resolution and closure.

Crisis Management

In case any incident impacts Appy Pie, there is a crisis management plan in place for administering a global response. The plan includes bringing together a core team of leaders and procedures for decision-making and communications.

Testing

All the programs and plans are tested annually through tabletop exercises, plan walkthroughs, and event simulations. Appy Pie has a formal process for documentation and tracking of any corrective actions taken and lessons learned during the testing phases.

Key takeaways

  • Appy Pie has in place, a business continuity program to ensure continuous delivery of our services and products in case of business disruption
  • We prioritize our people, solutions, and customers that rely on us for the smooth functioning of their business
  • The program is aligned to ISO 22301 Business Continuity Management System