Disaster Recovery Plan (DRP)

Version: 2.3
Date: December 2024

Table of Contents

1. Introduction
2. Purpose
3. Scope
4. Assumptions
5. Recovery Teams
6. Team Member Responsibilities
7. Disaster Declaration
8. Invoking the Plan
9. Recovery Time Objective (RTO)
10. Recovery Point Objective (RPO)
11. External Communications
12. Vendor Communication Protocol
13. Crucial Vendor Contact Information
14. Data Management and Backups
15. Security Assessment for Disasters
16. Plan Review and Maintenance
17. Status Reporting to Event Manager
18. Determining the Course of Action

1. Introduction

This Disaster Recovery Plan outlines the procedures and actions Monada.ai must follow to recover from disasters, minimizing disruptions and restoring core operations effectively.

2. Purpose

The plan’s key objectives are:

• Rapid identification and resolution of disasters.
• Minimizing disruption and economic impact.
• Establishing predefined alternative operational processes.
• Training personnel on emergency procedures.
• Ensuring smooth service restoration within the defined RTO.

3. Scope

This DRP focuses exclusively on Monada.ai's production operations that directly impact customer experience and data. Other scenarios, such as personnel, real estate, or HR issues, are outside this plan’s scope and addressed in the company’s Business Continuity Plan.

4. Assumptions

• Key personnel or their alternates will be available during a disaster.
• This document will remain accessible in a secure, redundant environment.
• A single, unified recovery procedure will be in place for critical resources.

5. Recovery Teams

• Event Manager: Oversees the overall disaster recovery process. Shahar Weinberg, CEO
• Disaster Recovery Team (DRT): Executes recovery operations.: Adi Ben Mayor, CPO

6. Team Member Responsibilities

• Designate an alternate for each team member.
• Maintain and regularly update contact lists.
• Ensure all team members are familiar with this DRP.

7. Disaster Declaration

A disaster is declared when any of the following occurs:

• Service disruption for at least 10% of customers.
• Failure of a core system component.
• Disruption of critical workflows.

8. Invoking the Plan

Upon declaring a disaster, the DRP is activated, and problem management protocols are followed until normal operations resume.

9. Recovery Time Objective (RTO)

• RTO: 24 hours

10. Recovery Point Objective (RPO)

• RPO: 12 hours

11. External Communications

• Public Relations (PR): Manages external communication with customers and media.
• Legal Team: Handles interactions with legal authorities.

12. Vendor Communication Protocol

The DRT will immediately notify relevant vendors upon disaster declaration.

13. Crucial Vendor Contact Information

Critical vendor contact details are available in Monada.ai's secure repository.

14. Data Management and Backups

• Daily backups are maintained for critical databases and application file systems.
• Backup data is retained for 25 days in a geographically remote location.
• Access to backups is restricted to authorized personnel.

15. Security Assessment for Disasters

In the event of a security breach, the CISO conducts a thorough assessment to identify affected systems.

16. Plan Review and Maintenance

• Annual review and biannual testing (mock disasters, walkthroughs, or component testing).
• Regular updates to personnel and contact information.

17. Status Reporting to Event Manager

The DRT provides updates to the Event Manager, including:

• Disaster type and damage summary.
• Ongoing recovery efforts and required resources.

18. Determining the Course of Action

The Event Manager decides on the next steps based on DRT input:

• No Disaster Declared: Address the issue without activating the DRP.
• Disaster Declared: Implement recovery procedures immediately.

For further details on team roles, contact lists, or process flows, refer to the appendices.

‍