Pirum’s Business Continuity Planning Statement
Pirum have a comprehensive business continuity plan (BCP) in place to cover multiple scenarios which have the potential to impact Pirum’s ability to provide seamless services to clients. The BCP is updated on an annual basis as a minimum and when new, emerging threats are identified as a potential risk to Pirum employees or services. Likely incident scenarios are tested regularly. Pirum’s BCP is part of our ongoing efforts to ensure service availability in the event of a disaster (e.g. natural disaster, flooding, power outage, pandemic or terrorist attack). Pirum’s contingency plans aim to cover all known eventualities, however unknown threats are not tested for. Pirum continually monitor for emerging threats to the business and conduct risk analysis and mitigation planning based on the likelihood and potential impact of these threats.
In light of recent events, Pirum triggered a review of its contingency plans and updated processes and procedures accordingly. Contingency plans have been updated and BCP testing runbook fully revised. On 4th March 2020, Pirum completed a pandemic contingency test, documented results of the successful test are available on request. Pirum have also conducted a review of its key third-party suppliers and have confirmed that their Business Continuity plans are sufficient and up-to-date.
Secure and highly available Infrastructure
Pirum’s SaaS applications are hosted within our secure, highly available tier 3 data centres in multiple locations. Pirum’s data centres are more than 50km apart and both have diverse power supplies and diverse backbone internet providers to ensure that either can offer redundancy if required to operate as standalone. Applications are architected to be either load balanced across data centres or have a hot standby mirror which is kept in sync. All servers have dual power and uninterruptable power supply devices are in place designed to ensure there is no single point of failure. Pirum frequently test their failover runbook and DR capability (at least every six months) by switching over their full production load from one data centre to another. Pirum’s backup procedures ensure that a real time mirror of all data is kept in sync, copies are taken daily and are held in an offsite location.
Client Support Arrangements
Pirum are able to support the business from the main UK office location, US office location or remotely via secure VPN by employees working from home. An employee emergency messaging system is in place to communicate to all employees with instructions of working arrangements during a disaster scenario. A physical or virtual BCP command team is activated immediately when a disaster trigger event is identified. Pirum have a comprehensive business continuity plan and detailed runbook which has been fully tested. Clients can email firstname.lastname@example.org to review a copy of the test results.
Pirum expect to maintain normal service levels in the event of any business continuity procedure being invoked and will provide alternate lines of communication through the website should any disruption to these occur.
Testing and Assurance
Pirum’s system availability controls and tests are audited annually by external auditors as documented in our SSAE18/ISAE3402 SOC 1 Type 2 Report.