Security policy

Business Continuity & Disaster Recovery

Ensures AiVRIC can continue critical services and recover from disruptive events.

Applies to AiVRIC workforce, partners, and subprocessors Trust Center Acceptable use

Purpose & scope

This policy guides how AiVRIC designs, operates, and validates Business Continuity & Disaster Recovery across production, corporate, and partner environments.

It applies to employees, contractors, vendors, and any system interacting with AiVRIC data or services.

Key controls

Define RPO/RTO targets for critical services and validate them through testing.
Maintain backup schedules with encryption at rest and in transit.
Run DR tests at least annually with documented outcomes and improvements.
Document manual workarounds for critical processes during outages.

Operating procedures

Perform tabletop and technical DR tests; capture lessons learned and action items.
Verify backup restore sampling monthly for critical data stores.
Publish status updates to stakeholders during continuity events.

Evidence & ownership

Owner: Security & Compliance. Review cadence: annually or after material changes.

Evidence: Collected via AiVRIC audit logs, ticketing systems, monitoring dashboards, and vendor records as appropriate to this policy area.

Contact: [email protected]

Business Continuity & Disaster Recovery

On this page

Purpose & scope

Key controls

Operating procedures

Evidence & ownership