Version 2.0
Prepared by: Andrii Burak, CEO Relevant Software
Approved by: @Simon Cooper
Reviewed date: 2025-11-01
Next review date: 2026-11-01
Website: www.relevantsoftware.com
Confidentiality: For internal and client assurance use only
This plan prepares Relevant Software to respond effectively to emergencies, including military invasion threats, infrastructure failures, and other disruptive incidents. It enables rapid recovery and return to normal operations while ensuring company resilience across staff, infrastructure, data, and service delivery. The plan addresses physical, digital, and geopolitical risks.
Relevant Software aims to:
Respond rapidly and effectively to disruptive incidents
Maintain uninterrupted delivery of client-critical services
Ensure data protection and operational continuity in compliance with ISO 27001
Resume full operations quickly and safely following an incident
This plan applies to:
All employees, contractors, and partners of Relevant Software
All offices, remote teams, and cloud-based infrastructure
All systems supporting client delivery and internal operations
The plan addresses the following categories:
Cybersecurity incidents: Ransomware, data breaches, DDoS attacks, unauthorized access
Infrastructure incidents: Internet/power outages, equipment failure, cloud provider downtime
Personnel incidents: Illness, injury, evacuation, or unavailability of key staff
Physical security incidents: Premises damage, loss of utilities, armed conflict
Pandemics or public-health emergencies: Remote-first operations
Third-party/vendor disruptions: Failure of external suppliers or tools
Role | Responsibilities |
CEO (Andrii Burak) | Executive oversight, external communications, strategic decisions |
Delivery Director (Nataliia Dynka) | Service continuity, project reassignment, client communication |
HR Manager (Anna-Mariia Bilan) | Staff welfare, relocation, mental-health support, annual testing, documentation, and reporting |
Security Officer (Taras Kukharuk) | Cyber-incident response, forensic analysis, data recovery, infrastructure access management, system restoration |
A regularly updated inventory is maintained for:
Source control: GitHub, Bitbucket
Cloud hosting: AWS (EU region, multi-AZ)
Communication: Slack, Email
Project management: Jira
Documentation: Google Workspace
Each system has defined RPO (Recovery Point Objective) and RTO (Recovery Time Objective) targets and backup schedules.
Immediately isolate affected systems
Notify the Security Officer and CEO
Switch to clean backup environments if needed
Communicate with clients within 4 hours
Activate backup power or relocate operations
Staff may use personal or reserve equipment
Cloud backups ensure zero data loss
Recruit temporary or full-time replacement
Operations continue remotely
Identify impact scope and activate alternative providers (e.g., AWS to Azure)
Vendor continuity is reviewed annually.
Internal Channels: Slack, phone tree, email
External (Clients):
Primary: Delivery Director
Backup: CEO
Message Templates: Status updates, resolution confirmations, and post-incident reports are available.
Type | Frequency | Responsible |
Tabletop drill | Annually | Security Officer (Taras Kukharuk) |
System restoration test | Quarterly | Security Officer (Taras Kukharuk) |
Full BCP review | Annually | CEO (Andrii Burak), Delivery Director (Nataliia Dynka) |
Post-incident debrief | Within 14 days | Incident Team |