Business Continuity and Disaster Recovery
We understand that reliable access to our services is important. Using a holistic and integrated approach, Visier has developed and implemented business continuity and disaster recovery measures to ensure you can continue to access Visier solutions and services during a major disruption or disaster.
Our integrated approach for ensuring the resiliency/recovery of our services and operations is guided by the Visier Business Continuity Policy. Several teams across Visier work together to maintain business continuity plans and processes to ensure the organization is capable of operating critical functions during a major disruption or disaster (e.g. natural calamities, pandemic outbreak). The Executive Management team has defined a comprehensive business continuity strategy covering:
- Disaster Recovery
- Business Continuity
Visier’s Disaster Recovery Plan (DRP) addresses the recovery/resilience of information assets (e.g. customer data, networks, servers, and other resources within the data centers) to ensure customers are able to access the Visier Solution in the event of a disaster. The DRP is regularly tested to ensure that services can be recovered within the stipulated timelines. The DRP is reviewed at least annually by Visier management and our external auditor (as part of the annual SOC 2 Type II audits) and updated based upon lessons learnt.
Visier’s Business Continuity Plan (BCP) addresses risks across several areas (including human, business, and technology) to ensure we are able to continue business operations in the event of a disaster. To ensure the plan addresses different teams and requirements, our business continuity planning process involves the whole organization. Amongst other areas, the plan covers the following:
- Secondary and alternative measures are considered and implemented when primary resources or functions are impacted as a result of a disaster.
- Pandemic Planning, and the maintenance of holistic health and safety plan to ensure the well-being of Visier employees, customers, and stakeholders.
- Ensuring employees are well-equipped with secure technologies to work remotely for prolonged periods during times Visier’s offices are unavailable for any reason.
- Performing regular testing and other validation procedures to ensure we are still able to meet security and availability commitments to customers.
- Identifying and training resources (e.g. table-top exercises, other simulated activities) to ensure critical resources can be recovered within the stipulated timelines.
Our well-rehearsed business continuity strategy became a critical asset in navigating the turbulence of COVID-19. Guided by Visier’s overarching Business Continuity Policy, each operational team triggered their continuity plans/processes and worked cross-functionally to coordinate the execution of our strategy. During the first weeks of the pandemic, Senior Management led several meetings to validate the effectiveness of our plans and to ensure all critical plans were reviewed in detail. Changes were made as necessary to enable us in continuing business operations as usual.
With most of our employees working from home, our Information Security (IS) and Information Technology (IT) teams have reviewed their infrastructure and network plans to ensure our workforce has secure and uninterrupted connectivity to corporate resources. Further, only company-issued and authorized devices can connect to Visier’s corporate network. Employees’ access to the corporate network must be done securely through VPN and multi-factor authentication (MFA).
All corporate laptops are fully-encrypted. Customer data always resides within the secure confines of Visier’s data centers and remains protected via robust technical controls.
All corporate devices are securely configured against Visier’s system hardening standards which are based on industry standards and best practices. Such requirements also cover the provisioning of endpoint detection and response software, tamper-proof security settings, and regular system/application security patches and updates by default.
Our infrastructure is designed and architected to be highly available. Visier’s data centers are physically dispersed within each of our geographical regions (Canada, the United States, and Germany) for redundancy and to minimize impacts to the availability of our solution in the event of an environmental disaster.
Apart from maintaining geographically dispersed data centers, we also rely on Amazon Web Service’s (AWS) Availability Zones (AZ) for system resiliency and multi-site redundancy that enable encrypted and near-time data replication and recovery. This structure enables customers to access their data despite environmental threats in their region.
We designed our solutions to be available around-the-clock except during maintenance windows, which are used to perform system updates, infrastructure, security, and technology upgrades. You can view our near real-time system uptime reporting at https://status.visier.com/.