Synthetic Users Business Continuity Plans (BCP)

Version: 1.1

Effective Date: 29th April 2025

Approved By: Kwame Ferreira, CEO

Owner: Kwame Ferreira, CEO (CEO)

1. Purpose and Scope

Purpose:

To ensure the continued operation of critical business functions and rapid service recovery in the event of a major disruption, minimizing impact to customers, partners, and employees.

Scope:

This plan applies to all Synthetic Users business units and covers:

SaaS platform operations and hosting infrastructure
Customer support and success functions
IT and cybersecurity systems
Finance, billing, and legal operations
HR and employee management processes

2. Ownership and Maintenance

BCP Owner: Kwame Ferreira, CEO (CEO)
Review Frequency: Bi-annually or immediately following a significant incident or organizational change
Change Management: Updates are logged in the BCP Change Register, reviewed by the BCMT, and approved by the CEO

3. Business Continuity Management Team (BCMT)

Role	Name	Responsibility
Leader	Kwame Ferreira (CEO)	Overall coordination, activation/deactivation authority
Technology & Infrastructure	Artur Ventura (CTO)	Cloud recovery, backups, system restoration
Finance & Legal	Zumbi Ferreira (CFO)	Financial continuity, legal compliance, insurance
HR & Communications	HR Director	Employee safety, internal comms, wellbeing
Client Support & Relations	Customer Success Manager	Customer communication, support continuity

4. Critical Business Functions and Priorities

Function	Description	Priority	RTO	RPO
SaaS Operations	Core product availability and hosting	1	2 hours	15 minutes
IT Infrastructure & Security	Data protection, encryption, and access systems	1	2 hours	15 minutes
Customer Support	Communication with clients and ticket resolution	2	4 hours	1 hour
Finance & Billing	Payment processing, payroll, and vendor management	3	12 hours	4 hours
Human Resources	Staff communication and administration	4	24 hours	12 hours

5. Risk Assessment and Impact Analysis

Risk Categories:

Cloud or hosting platform outage
Cybersecurity breach or ransomware attack
Loss of key personnel
Natural disasters or regional power failures
Pandemic or large-scale health event
Legal or regulatory disruption

Each risk is evaluated for likelihood, impact, and recovery complexity, and tracked in the Risk Register.

6. Recovery Strategies

Technology and Infrastructure

Redundant infrastructure hosted across multiple AWS regions (EU and US)
Automated daily backups (AES-256 encrypted) with 30-day retention
Recovery Time Objective (RTO): 2 hours
Recovery Point Objective (RPO): 15 minutes
AWS disaster recovery features (multi-AZ replication and snapshots)

Customer Support Services

Remote-ready support team with cloud ticketing and communication tools (email, chat, Slack)
Backup email notification list for service updates during outages

Finance and Billing

Cloud-based systems (e.g., Stripe, Xero) with data redundancy and offline access capability

Human Resources

Remote work infrastructure for all employees
Crisis communication channel (Slack + email)
Employee assistance and wellbeing program

7. Incident Response and Plan Activation

7.1 Detection and Assessment

BCMT monitors alerts and internal reports for operational disruption.
Initial assessment determines severity, affected systems, and potential downtime.

7.2 Activation Criteria

Triggered when any Priority 1 or 2 function is disrupted beyond its RTO.
The BCMT Leader authorizes activation and coordinates communication.

7.3 Communication Plan

Internal:
- Notify all employees via Slack and email.
- Daily updates to management during active recovery.
External:
- Client and partner notifications coordinated by the Customer Success Manager.
- Public updates via website status page or direct communication if required.

7.4 Recovery Procedures

Recovery follows predefined steps in the Recovery Procedures Appendix for each function.
Each recovery phase is logged in the Incident Log (system recovery time, decisions, contacts).

7.5 Deactivation

BCMT Leader deactivates the plan once normal operations are restored and verified.

8. Training and Testing

Annual BCP training for all BCMT members and department heads.
Bi-annual simulations covering scenarios such as cloud outage, ransomware, and data loss.
Post-test reviews identify improvements and update the plan accordingly.

9. Change Management

Updates triggered by infrastructure changes, new dependencies, or after incident reviews.
All revisions recorded with date, author, and summary of changes.
Archived versions retained for three years for audit purposes.

10. Post-Incident Review

Conducted within 10 business days after plan deactivation.
Includes lessons learned, timeline analysis, and system hardening recommendations.
Results documented in the Post-Incident Review Report and incorporated into future BCP updates.

Synthetic Users Business Continuity Plans (BCP) ​

1. Purpose and Scope ​

2. Ownership and Maintenance ​

3. Business Continuity Management Team (BCMT) ​

4. Critical Business Functions and Priorities ​

5. Risk Assessment and Impact Analysis ​

6. Recovery Strategies ​

Technology and Infrastructure ​

Customer Support Services ​

Finance and Billing ​

Human Resources ​

7. Incident Response and Plan Activation ​

7.1 Detection and Assessment ​

7.2 Activation Criteria ​

7.3 Communication Plan ​

7.4 Recovery Procedures ​

7.5 Deactivation ​

8. Training and Testing ​

9. Change Management ​

10. Post-Incident Review ​

​