Bxp and Business Continuity

From All n One's bxp software Wixi

Jump to: navigation, search

1 Concepts

1.1 Business Continuity

Wikipedia defines Business Continuity as:


Business continuity encompasses a loosely defined set of planning, preparatory and related activities which are intended to ensure that an organization's critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period. As such, business continuity includes three key elements:

  1. Resilience: critical business functions and the supporting infrastructure are designed and engineered in such a way that they are materially unaffected by most disruptions, for example through the use of redundancy and spare capacity;
  2. Recovery: arrangements are made to recover or restore critical and less critical business functions that fail for some reason.
  3. Contingency: the organization establishes a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not have been, foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice.


http://en.wikipedia.org/wiki/Business_continuity


1.2 High Availability

bxp is built in a High Availability manner. http://en.wikipedia.org/wiki/High_Availability


There are three principles of high availability engineering. They are

  1. Elimination of single points of failure. This means adding redundancy to the system so that failure of a component does not mean failure of the entire system.
  2. Reliable crossover. In multithreaded systems, the crossover point itself tends to become a single point of failure. High availability engineering must provide for reliable crossover.
  3. Detection of failures as they occur. If the two principles above are observed, then a user may never see a failure. But the maintenance activity must.


2 Delivery

2.1 Resilience

In order to deliver against these goals All n One has employed a number of elements:


Our High Availability infrastructure removes single points of failures in any single piece of equipment. The_bxp_Infrastructure


Our capacity planning ensures that our services are capable of handling significant load bxp_Infrastructure_Capacity


bxp is operated in a quality way. All n One define quality as "an objective, measured approach to delivering a subjective need". For this reason All n One adopt and are adopting a number of international standards to improve the resilience of the solution.

  • XHTML 1.0 (100% as of October 2008)
  • CSS 2.0 (100% as of October 2008)
  • W3C Level A Accessibility (100% as of June 2009)
  • OWASP Guidlines (100% as of September 2009)
  • ISO 27001 (80% as of August 2014)
  • COBIT (70% as of August 2014)
  • ENISA (90% as of August 2014)


bxp is developed using a structured project Agile Development methodology. BXP also uses ADDIE and prototyping development methodologies depending on what is best for client project development. All_n_One_Project_Development_Approach


bxp is tested internally in a structured manner. For more information on our security and testing please review bxp_Security_and_Testing


All n One is very aware of its requirements under Data Protection as a data processor. We advise our clients to be aware of their data controller and processor requirements. We have published guidelines and advisory material on the area Data_Protection_and_Data_Retention


2.2 Recovery

2.2.1 Backups

All n One operate backup plans on a number of levels of the solution:

  1. Client backups Bxp_Backups
  2. Solution backups
  3. Infrastructure backups
  4. Administration and Support backups


Each backup operation has a separate set of procedures associated with them which is available if required through your Business Development manager. The only backup of operational influence to a bxp software client are the Client Backups. All other operations are All n One managed procedures.

2.2.2 Operational Service Level Agreements

The details of operational SLAs are particular to a client and their operational needs. The specifics of your SLA is detailed within you contract. A copy of which is available through your Business Development manager.

2.2.3 Equipment Replacement

If a piece of equipment in the office is not longer usable, it is replaced by one of the spare pieces of equipment located in either the warehouse or in the asset cabinet. If a replacement is not available in either of those locations a replacement piece of equipment is purchased with managements permissions.

2.2.4 AWS Monitoring

In the event that your server's critical hardware fails, to the extent that it is not able to function as a web-server, AWS will provide 24/7 support to rectify the problem with tier escalation for faults. Our off site redundancy infrastructure is based in Paris, France and will take over the bxp operation in the event of AWS Ireland Failure.

2.3 Contingency

2.3.1 System Management and the Hamsters

bxp operates a real-time monitoring and classification engine that is based on Microsoft Internet Information Server (IIS) error messages. The system also generates a number of non-critical error messages related to security and help request functionality built into bxp. Details are available from Meet_the_Hamsters


2.3.2 System Support and Development

bxp is an evolving solution. For this reason there are numerous support and development mechanisms implemented throughout bxp. More information on system support is available from Understanding_bxp_Support

2.3.3 AWS

The entire bxp infrastructure is currently implemented by Amazon Web Services (AWS) in Dublin.


Further details of the our hosted environment are located here. Bxp_software_in_AWS_Cloud_Services


2.3.4 AWS Live Monitoring

All n One will be immediately notified by AWS of any system failures should they happen by AWS. They provide 24/7 support to the bxp team and will notify us by email of excessive CPU/RAM usage, low storage capacity, network traffic, IIS failure and SQL failures.

2.3.5 ENISA

Wikipedia describes ENISA as: http://en.wikipedia.org/wiki/ENISA


European Network and Information Security Agency (ENISA), is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and is fully operational since September 1st, 2005.


The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.


ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future EU legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.


As part of ENISA's work they have developed

http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-information-assurance-framework


bxp is delivered against this assurance framework with secure details available to clients through your Business Development manager.