Commit 6bdc2214 authored by Usha Swaminathan's avatar Usha Swaminathan
Browse files

Update BC.1.01_business_continuity_plan.html.md

parent 0cffef95
......@@ -18,25 +18,30 @@ GitLab's business continuity plan is reviewed, approved by management and commun
The review cycle for business continuity plans are designed to ensure all information in the plan is as up-to-date as possible. A business continuity plan is only effective if users can trust the accuracy of the information in the plan. The business continuity plan is meant to be a comprehensive runbook that can walk all GitLab team-members through exactly what their individual responsibilities are, in the event of a disruption to GitLab operations. This triggering event can be anything from a malicious breach of our systems to a global datacenter disruption.
## Scope
The business continuity plan is comprehensive by nature and will impact all GitLab stakeholders. The scope of a Business Continuity Plan can be categorized into the following seven steps:
The business continuity plan is comprehensive by nature and will impact all GitLab stakeholders. The scope of GitLab Business Continuity Plan will cover:
* BC plan for gitlab.com
* BC plan for customers.gitlab.com
* BC plan for license.gitlab.com
## Ownership
* Business Operations owns this control.
* Infrastructure will provide implementation support for .com.
## Guidance
Steps to come up with a comprehensive BC plan, can be categorized into the following seven steps:
* Identify the critical business functions
* Identify the critical systems & its dependencies
* Identify the risks to business
* Specify and confirm the data backup and recovery plans are working efficiently.
* Clearly document the functions and procedures of the BC plan, who should lead the effort and who are all the players involved.
* Document the functions, procedures and key personnel, who should lead the effort and who are all the key players involved.
* Prepare a detailed communication plan
* Test, assess, learn and improve
## Ownership
* Business Operations owns this control.
* Infrastructure will provide implementation support for .com.
## Guidance
The GitLab business continuity plan will have team and departmental pieces that roll up into a comprehensive plan. Each team knows best, as to what steps are needed in the event of a disruption to operations. Hence this overall plan is really more of a collection of individual plans and the packaging of these individual plans together. The plan should include the following:
Based on the above, GitLab business continuity plan will have team and departmental pieces that roll up into one comprehensive plan. Each team knows best, as to what steps are needed in the event of a disruption to operations. Hence this overall plan is really more of a collection of individual plans and the packaging of these individual plans together. The plan should include the following:
 
* Business decided and approved, RTO (recovery time objective) and RPO (recovery point objective)
* This Plan has to be approved and signed off by senior management
* This Plan has to be reviewed, approved and signed off by senior management
* Documentation on critical business requirements, including backup plans, business contingency and other related needs and logistics surrounding these plans.
* High-level steps/procedures that addresses how to respond in the event of the most likely disaster scenarios.
* Once we have a high-level plan we can push this out to teams and have them create team-level plans.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment