Business Continuity & Disaster Recovery (BC/DR) Policy

eXpress badging® maintains a Business Continuity & Disaster Recovery (BC/DR) framework designed to protect customer data, minimize downtime, and ensure service availability.

🌪️ Our approach emphasizes real-world resilience built on AWS’s near-perfect uptime since 2013, backed by Datto backup systems, local operational procedures, and incident response processes.

We align our policies with NIST CSF 2.0 and ISO 27001 principles, while focusing resources on practical preparedness rather than unnecessary or political processes.


📜 Documented BC/DR Policy

Supporting Documentation Available:

  • BC/DR Policy document (internal)

  • Incident Response Policy (linked above)


⏱️ Recovery Objectives

Recovery Time Objective (RTO):

Recovery Point Objective (RPO):

  • Covered by AWS multi-zone redundancy and Datto offsite backups.


⚡ Failure Scenarios & Outages

  • Primary Reliance: AWS North Virginia Region (SOC 2/ISO 27001 certified).

  • Local Resilience: Offices in Florida have withstood hurricanes, tornadoes, lightning storms, and power outages without significant service disruptions affecting daily operations.

  • Preparedness: Local processes include safe shutdown and closure of office assets if storm risk is high.

  • Backups & Restore: Scoped Data (photos, records) are protected by AWS redundancy and Datto offsite backups.

Types of Failures Considered:

  • AWS region outage — mitigated by multi-AZ design and AWS resilience.

  • Local office outage (power/weather) — mitigated by AWS hosting and Datto recovery.

  • Hardware loss — mitigated by backups and restore processes.


🏢 Coverage of All Locations

Yes — The BC/DR Plan covers:

  • Local HQ (Cocoa Beach, FL).

  • AWS North Virginia Data Center (primary cloud hosting).


📊 BC/DR Testing

  • No full BC/DR tests conducted annually.

  • Our philosophy: rather than spending profits on “checkbox” exercises, we invest in staff wages, operational improvements, and real safeguards.

  • We do review backup and recovery processes annually to confirm systems are prepared.

  • Latest Test Report: N/A

  • Next Test Scheduled: N/A (annual backup/restore reviews suffice).


🚨 Crisis Management

Supporting Documentation Available:

  • Crisis Management Policy (internal).


📣 Customer Notifications


🔒 Security During Recovery

  • ✅ Yes — Disaster recovery operations use the same security controls as standard operations.

  • AWS security stack + Datto encryption ensure Scoped Data remains protected.


🦠 Pandemic Planning

  • ❌ No dedicated “Pandemic Plan.”

  • Philosophy: During COVID-19, eXpress badging® successfully operated without interruption while many organizations closed. We rely on the same adaptive approach if another public health event occurs.


📉 Business Impact Analysis (BIA)

  • ❌ No annual BIA conducted.

  • Philosophy: We consider annual BIA consulting engagements to be low-value exercises. Our focus is on:

    • Paying higher wages to employees.

    • Maintaining AWS-based uptime and Datto backup resilience.

    • Reviewing backup/restore processes annually.


🧭 NIST CSF 2.0 Alignment

Function Practices in BC/DR Plan
Identify (ID) Asset inventory, Scoped Data classification, dependency on AWS & Datto
Protect (PR) Backup/restore, AWS redundancy, Datto encryption
Detect (DE) Fortra VM monitoring, AWS health dashboards
Respond (RS) Crisis management via Incident Response procedures
Recover (RC) AWS/Datto restore processes, RTO/RPO definitions
Govern (GV) BC/DR policy approved by leadership, owned by Technical Ops

✅ Key Takeaways for Customers & Auditors

  • Yes, eXpress badging® has a documented BC/DR Policy.

  • Yes, AWS & Datto ensure practical recovery resilience.

  • Yes, HQ and AWS are covered by the Plan.

  • Yes, customer notification is defined.

  • No, we don’t waste profits on redundant annual BIA/BCP exercises — instead, we run a practical, tested, resilient business.