Skip to Content
Nemu Inc.
Operational Resilience🧭 Crisis Management and BCDR Plans

🧭 Crisis Management and BCDR Plans

1. Purpose

This document describes Nemu Inc.’s crisis management and business continuity/disaster recovery (BCDR) planning.

2. Scope

Covers:

  • Major outages of Supabase, Render, or Google Workspace.
  • Security incidents with significant business impact.
  • Other events that materially impair service delivery.

3. Crisis Management Structure

  • Incident Commander (IC): Typically a senior engineering or leadership role.
  • Technical Lead(s): Investigate and remediate technical issues.
  • Communications Lead: Handles internal and customer communication.

4. BCDR Principles

  • Leverage CSP redundancy and backup capabilities.
  • Maintain configuration and code in version control for rapid redeployment.
  • Ensure key team members can access critical tools remotely.

5. Response Activities

  1. Assess and Classify the Event.
  2. Activate Crisis Team and Communication Channels.
  3. Implement Technical Response (failover, rollback, workaround).
  4. Update Customers and Stakeholders.
  5. Document the Incident and Outcomes.

6. Recovery Objective Evaluation and Continuous Improvement

  • Documented in an internal incident or test review.
  • Assessed for root cause and impact.
  • Assigned clear improvement actions with owners and deadlines.
  • Tracked to completion through our internal issue-tracking system.
  • Re-validated during future tests to ensure the improvement is effective.

This ensures a continuous-improvement loop for our Business Continuity and Disaster Recovery capabilities.

7. Customer Communication During Response & Recovery

  • Timely Customer Notifications: Clients are informed when an incident affects service availability, data, or performance.
  • Status Updates: Ongoing updates are provided through designated channels until full resolution.
  • Clear Communication Procedures: Incident response documentation defines who communicates, how, and under what circumstances.
  • Post-Incident Summary: After major events, customers may receive a summary of impact, root cause, and corrective actions.

8. Cloud Backup Procedures

  • Automated Daily Backups: Supabase (Postgres) automated backups and point-in-time recovery (PITR) capabilities are enabled.
  • Storage Redundancy: Supabase Storage assets are replicated across availability zones to prevent data loss.
  • Configuration Backup: Infrastructure and application configurations are stored in version-controlled repositories, ensuring rapid rebuild capability.
  • Verification & Testing: Backup restoration tests are periodically performed to validate recoverability.
  • Access Control: Backup access is restricted to authorized personnel only, following least-privilege principles.
  • Retention Policies: Backups are retained according to defined retention schedules aligned with business and compliance needs.

These backup procedures ensure resilience, data integrity, and rapid recovery from failures or incidents.

9. Audit Evidence

  • BCDR plan summaries and runbooks.
  • Example communications from past major events (redacted).
  • Post-incident reviews highlighting continuity actions.

10. Compliance Mapping

  • SOC 2: CC7.3
  • ISO 27001:2013: A.17.1.2, A.17.1.3

Contact: support@mynemu.com
Β© 2025 Nemu Inc.. All rights reserved.

Last updated on
πŸ” Business Resilience PolicyπŸ“‰ Enterprise and Location Risk Assessments