1. Policy Statement

aNinja recognizes the critical importance of maintaining uninterrupted business operations and safeguarding consumer Non-Public Information (NPI) in the face of potential disruptions and disasters. This Business Continuity and Disaster Recovery (BCDR) policy outlines aNinja’s commitment to ensuring the availability, resilience, and security of our CRM software and consumer NPI.

2. Scope

This policy applies to all aNinja employees, contractors, partners, and customers who interact with aNinja’s CRM software and consumer NPI.

3. Objectives

• Ensure the availability of aNinja’s CRM software and protection of consumer NPI during and after disasters or disruptions.
• Minimize downtime and data loss to maintain business operations and customer trust.
• Establish a framework for planning, testing, and implementing BCDR strategies.

4. Responsibilities

• Executive Management: Provide leadership and support for BCDR initiatives, allocate necessary resources, and ensure policy compliance.
• IT and Security Teams: Develop and maintain BCDR plans, conduct regular risk assessments, and oversee technical implementations.
• Employees: Familiarize themselves with BCDR procedures, report potential risks, and cooperate during BCDR testing and drills.

5. Business Impact Analysis (BIA)

aNinja will periodically conduct a BIA to assess potential risks, prioritize critical processes, and identify resources needed for successful BCDR planning.

6. BCDR Strategies

• Data Backups: Regularly backup consumer NPI and critical business data. Store backups off-site and ensure their integrity through routine testing and restoration exercises.
• Redundancy: Implement redundancy measures for critical systems to minimize single points of failure.
• Incident Response: Maintain an incident response plan outlining steps to take in case of a security breach or data loss event.
• Data Encryption: Ensure consumer NPI is encrypted both during transmission and storage to protect against unauthorized access.
• Alternate Facilities: Identify alternate facilities or remote work setups in case primary locations are compromised.
• Communication Plan: Establish clear communication channels to notify employees, customers, and stakeholders in the event of a disruption

7. Testing and Training

Regularly test BCDR strategies through tabletop exercises, simulations, and drills to validate the effectiveness of the plans. Provide training to employees and stakeholders on their roles during a disaster or disruption.

8. Monitoring and Review

Continuously monitor the effectiveness of the BCDR strategies and plans, update them as necessary based on changes in technology, business processes, and risks.

9. Compliance and Auditing

Conduct periodic audits to ensure compliance with this policy and relevant industry regulations. Address any non-compliance promptly.

10. Reporting and Documentation

Maintain detailed documentation of BCDR plans, testing results, incident response activities, and any changes made to the strategies.

11. Review and Revision of the Policy

This policy will be reviewed annually or as needed to ensure its relevance and effectiveness.

12. Conclusion

This BCDR policy underscores aNinja’s commitment to safeguarding consumer NPI and ensuring the continuity of our CRM software even in the face of unexpected disruptions. By following this policy, aNinja aims to uphold its responsibility to customers and stakeholders and maintain a high level of trust in our services.