Effective Date: 18 November 2024
Issued by: Neobank Capital
Approved by: Chief Risk Officer (CRO) & Chief Information Security Officer (CISO)
1. Purpose
The purpose of this BC/DR Policy is to ensure that Neobank Capital can continue critical operations, protect customer data, and restore services quickly in the event of a disruption, including:
- Cybersecurity incidents or data breaches
- System outages or cloud service failures
- Natural disasters, pandemics, or geopolitical events
- Operational or infrastructure disruptions
This policy ensures the company maintains resilience, regulatory compliance, and customer trust.
2. Scope
This policy applies to:
- All employees, contractors, vendors, and third-party service providers.
- All Neobank Capital applications, systems, cloud environments, APIs, and decentralized platforms.
- Critical business functions including transaction processing, account management, customer support, and regulatory reporting.
3. Business Continuity Principles
- Risk Assessment: Identify potential threats and assess their impact on operations.
- Critical Function Prioritization: Determine essential services and define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
- Resilience by Design: Implement redundancies, failover systems, and distributed infrastructure to minimize disruption.
- Communication: Maintain clear internal and external communication channels during disruptions.
- Regulatory Compliance: Ensure compliance with GDPR, UK GDPR, CCPA, and financial regulations during recovery efforts.
4. Disaster Recovery Principles
- Data Backups: Regularly back up all critical systems, applications, and databases.
- Secure Storage: Maintain backups in geographically diverse, encrypted, and access-controlled locations.
- Recovery Testing: Conduct periodic DR tests to ensure systems can be restored quickly and accurately.
- Failover Procedures: Predefine failover strategies for critical systems, including decentralized financial services infrastructure.
- Post-Disaster Evaluation: Analyze recovery performance and implement improvements.
5. Roles and Responsibilities
| Role | Responsibility |
|---|---|
| BC/DR Coordinator (CRO) | Leads planning, testing, and activation of BC/DR procedures. |
| CISO / Security Team | Ensures IT systems, cloud services, and decentralized infrastructure are secure, resilient, and recoverable. |
| Data Protection Officer (DPO) | Oversees data protection compliance during continuity and recovery activities. |
| Department Heads | Maintain continuity plans for their functional areas and ensure staff readiness. |
| Employees / Contractors | Follow BC/DR procedures and report any issues promptly. |
6. Business Continuity Planning (BCP)
- Identification of Critical Functions: Define core services such as account access, fund transfers, crypto-wallet management, and regulatory reporting.
- Alternate Work Sites: Ensure remote or alternate office capabilities for staff during site disruptions.
- Resource Inventory: Maintain a list of critical resources, systems, personnel, and suppliers.
- Communication Plan: Define internal and external notification channels for employees, customers, regulators, and vendors.
7. Disaster Recovery Planning (DRP)
- IT Recovery Strategies: Include restoration of databases, cloud services, blockchain nodes, APIs, and applications.
- Recovery Time Objectives (RTOs): Maximum acceptable downtime for critical systems.
- Recovery Point Objectives (RPOs): Maximum acceptable data loss in case of disruption.
- Testing: Conduct quarterly DR drills and annual full-scale simulations.
- Documentation: Maintain detailed DR manuals, including step-by-step recovery procedures.
8. Incident Response Integration
- BC/DR plans are integrated with the Incident Response Policy to ensure coordinated action during cyberattacks or data breaches.
- Critical incidents trigger activation of BC/DR procedures and escalation to the Incident Response Team (IRT).
9. Vendor and Third-Party Continuity
- Evaluate third-party vendors’ BC/DR capabilities before engagement.
- Include service-level agreements (SLAs) and recovery requirements in contracts.
- Regularly audit vendors to ensure their readiness aligns with Neobank Capital standards.
10. Training and Awareness
- Annual BC/DR training for all employees and contractors.
- Periodic tabletop exercises simulating different disaster scenarios.
- DR simulation results are reviewed, and improvements are implemented.
11. Monitoring, Testing, and Review
- Conduct continuous monitoring of critical systems to identify vulnerabilities.
- Test BC/DR plans quarterly for IT systems and annually for full organizational readiness.
- Review and update the policy and plans annually or after any disruption or regulatory change.
12. Documentation and Record-Keeping
- Maintain records of:
  - BC/DR plans and updates
  - Test results and simulations
  - Incident activations and recovery reports
- Retain documents for at least 5 years or as required by law.
13. Communication Protocol
- Internal: Notify employees and stakeholders immediately during disruptions.
- External: Inform customers and regulators in compliance with privacy and financial regulations.
- Public Statements: Coordinated by the Communications Officer and Legal Team.
14. Policy Enforcement
- Violations of BC/DR procedures may result in:
  - Employee or contractor disciplinary action
  - Suspension of access to systems
  - Legal action for willful negligence
15. Contact Information
Business Continuity & Disaster Recovery Coordinator (CRO)
📧 bcdr@neobank.capital
Chief Information Security Officer (CISO)
📧 security@neobank.capital
Data Protection Officer (DPO)
📧 privacy@neobank.capital