eXpress badging® maintains a Business Continuity & Disaster Recovery (BC/DR) framework designed to protect customer data, minimize downtime, and ensure service availability.
🌪️ Our approach emphasizes real-world resilience built on AWS’s near-perfect uptime since 2013, backed by Datto backup systems, local operational procedures, and incident response processes.
We align our policies with NIST CSF 2.0 and ISO 27001 principles, while focusing resources on practical preparedness rather than unnecessary or political processes.
📜 Documented BC/DR Policy
- ✅ Yes — eXpress badging® maintains a documented BC/DR policy approved by management, communicated to staff, and owned by our Technical Operations Lead.
- Reference: Incident Response & Breach Notification Procedures
Supporting Documentation Available:
- BC/DR Policy document (internal)
- Incident Response Policy (linked above)
⏱️ Recovery Objectives
Recovery Time Objective (RTO):
- ✅ Confirmed as defined in prior communications/documentation.
- Reference: Data & Photos Backup, Storage, and Recovery Process
Recovery Point Objective (RPO):
- Covered by AWS multi-zone redundancy and Datto offsite backups.
⚡ Failure Scenarios & Outages
- Primary Reliance: AWS North Virginia Region (SOC 2/ISO 27001 certified).
- Local Resilience: Offices in Florida have withstood hurricanes, tornadoes, lightning storms, and power outages without significant service disruptions affecting daily operations.
- Preparedness: Local processes include safe shutdown and closure of office assets if storm risk is high.
- Backups & Restore: Scoped Data (photos, records) are protected by AWS redundancy and Datto offsite backups.
Types of Failures Considered:
- AWS region outage — mitigated by multi-AZ design and AWS resilience.
- Local office outage (power/weather) — mitigated by AWS hosting and Datto recovery.
- Hardware loss — mitigated by backups and restore processes.
🏢 Coverage of All Locations
✅ Yes — The BC/DR Plan covers:
- Local HQ (Cocoa Beach, FL).
- AWS North Virginia Data Center (primary cloud hosting).
📊 BC/DR Testing
- ❌ No full BC/DR tests conducted annually.
- Our philosophy: rather than spending profits on “checkbox” exercises, we invest in staff wages, operational improvements, and real safeguards.
- We do review backup and recovery processes annually to confirm systems are prepared.
- Latest Test Report: N/A
- Next Test Scheduled: N/A (annual backup/restore reviews suffice).
🚨 Crisis Management
- ✅ Covered in Incident Response & Breach Notification Procedures.
- Escalation, executive review, and customer notification steps are included.
Supporting Documentation Available:
- Crisis Management Policy (internal).
📣 Customer Notifications
- ✅ Yes — Customers (including First Advantage) are notified in a timely manner in the event of a contingency.
- Defined in Incident Response & Breach Notification Procedures.
🔒 Security During Recovery
- ✅ Yes — Disaster recovery operations use the same security controls as standard operations.
- AWS security stack + Datto encryption ensure Scoped Data remains protected.
🦠 Pandemic Planning
- ❌ No dedicated “Pandemic Plan.”
- Philosophy: During COVID-19, eXpress badging® successfully operated without interruption while many organizations closed. We rely on the same adaptive approach if another public health event occurs.
📉 Business Impact Analysis (BIA)
- ❌ No annual BIA conducted.
- Philosophy: We consider annual BIA consulting engagements to be low-value exercises. Our focus is on:
  - Paying higher wages to employees.
  - Maintaining AWS-based uptime and Datto backup resilience.
  - Reviewing backup/restore processes annually.
🧭 NIST CSF 2.0 Alignment
Function | Practices in BC/DR Plan |
---|---|
Identify (ID) | Asset inventory, Scoped Data classification, dependency on AWS & Datto |
Protect (PR) | Backup/restore, AWS redundancy, Datto encryption |
Detect (DE) | Fortra VM monitoring, AWS health dashboards |
Respond (RS) | Crisis management via Incident Response procedures |
Recover (RC) | AWS/Datto restore processes, RTO/RPO definitions |
Govern (GV) | BC/DR policy approved by leadership, owned by Technical Ops |
✅ Key Takeaways for Customers & Auditors
- Yes, eXpress badging® has a documented BC/DR Policy.
- Yes, AWS & Datto ensure practical recovery resilience.
- Yes, HQ and AWS are covered by the Plan.
- Yes, customer notification is defined.
- No, we don’t waste profits on redundant annual BIA/BCP exercises — instead, we run a practical, tested, resilient business.