I&U CPA LLC (we, us, the firm, I&U CPA hereafter) views recovery of its business operations and supporting technology, Business Continuity (“BC”) and technology Disaster Recovery (”DR”) respectively, as a critical and fundamental part of its ability to fulfill its fiduciary responsibilities to clients. As such, significant resources and effort are dedicated to these programs.
We maintain business continuity and crisis response plans to facilitate the continuity of business in the event of a business disruption. I&U CPA’s executive management is responsible for oversight and governance of the firm’s BC program.
In order to maintain a resilient technology environment, the DR program has implemented strategies for near zero downtime and near zero data loss for all applications that support critical business processes as defined by the BC Program.
I&U CPA’s BC/DR programs have several key elements, including:
There are three main areas of focus that comprise the BC/DR planning that we perform:
1. Business Continuity Plans: We maintain Business Continuity Plans (BCPs) for each business function. The BCPs have the following two components:
2. Disaster Recovery Plans: Disaster Recovery Plans (DRPs) incorporate fail over strategies and are comprehensive enough to recover from a disruptive event affecting a data center yet modular enough to recover from the loss of a single server. The key elements of the DRPs include:
3. Crisis Management: We have a program devoted to response planning which includes a full-featured Crisis Management framework that includes the following tools:
We exercise BCPs to ensure the procedures for recovering business operations are appropriate, and that key personnel are familiar with documented procedures. Broadly, the firm utilizes the following recovery strategies in its BCPs:
BCM exercise results are documented and reviewed with all involved participants following each exercise. Recommendations for improvements to the recovery process are identified and any corrective actions clearly defined.
We conduct an annual technology DR test. Following each test the report identifies:
One of the key components of the BCM planning process is our supplier management framework, which includes periodic reviews of the business continuity programs for key service providers. Risk assessments are used to determine the criticality of each service provider. For the most critical service providers, we conduct targeted reviews and evaluations of BCM plans and, where appropriate, on-site visits.