d2go provides hosted products and services, including but not limited to The Driver Challenge. As part of our hosting services, d2go strives to provide a stable and highly available hosting system for resellers and end-users, so that they do not have to worry about server and database issues. This document outlines plans and processes put in place by d2go to ensure business continuity in the event of an incident, and to provide as quick and effective recovery of services as possible.
All emergency requests can be directed via email using the following address: oncall@d2go.io. Systems are monitored 24 hours a day, 7 days a week.
All critical services must have a least nightly backups, stored in a separate physical location. All backups must be verified and regular testing of backup recovery must be performed, and must be accessible to approved personnel at all times.
The following services are considered critical:
There are any number of potential disruptive threats which can occur at any time and affect the normal business process. We have considered a wide range of potential threats and the results of that analysis are included in this section. The focus here is on the level of business disruption which could arise from each type of disaster.
d2go has partnered with Amazon and other providers to leverage their multi-location, fully redundant data centers and services. Critical services are housed and managed within this geo-redundant environment.
This environment essentially removes the impact of many of the typical disaster threats, including floods, fire, weather, etc. Any localized threat or disaster may temporarily impact service but with the tools at d2go's disposal, we can very quickly divert all systems to another location. Down time for customers would be very limited and data loss at a minimum. Proprietary data needed by d2go critical to restore services is kept to a minimum; the largest volumes of data stored can be recovered from Geotab servers following a failure.
Key trigger issues at Geotab that would activate the GRIDIRON are:
When an event occurs, the ERT must be notified. Based on the event, its impact and the severity, the team will then decide on an appropriate response. The responsibilities of the ERT are:
The DRT will be contacted and assembled by the ERT, and is made up of all necessary on-call personnel. The team's responsibilities and objectives include:
The company legal department and ERT will jointly review the aftermath of the incident and decide whether there may be legal actions resulting from the event; in particular, the possibility of claims by or against the company for regulatory violations, data breach notification obligations, etc. An initial financial assessment should also be prepared on the impact of the incident on the financial affairs of the company.
Disaster recovery plan exercises are an essential part of the plan development process. In a DRP exercise no one passes or fails; everyone who participates learns from exercises – what needs to be improved, and how the improvements can be implemented. Plan exercising ensures that emergency teams are familiar with their assignments and, more importantly, are confident in their capabilities.
Successful DR plans launch into action smoothly and effectively when they are needed. This will only happen if everyone with a role to play in the plan has rehearsed the role one or more times. The plan should also be validated by simulating the circumstances within which it has to work and seeing what happens.