As global concerns continue to rise due to the ongoing spread of the COVID19/Coronavirus, NetDocuments has been asked about its preparation to deal with a pandemic disease incident.
A pandemic is defined as an outbreak of a disease that occurs over a wide geographic area and affects an exceptionally high proportion of the population. (from www.Merriam-Webster.com) Although a company’s response to a pandemic health incident is generally grouped under its business continuity preparation, many organizations have specific responses and processes in place to respond to pandemic health incidents. Companies adopt this strategy because the demands of a pandemic health incident are likely to be significantly different than the demands of a more “traditional” business continuity incident, such as the failure of a data center or the loss of a major administrative building.
NetDocuments maintains active business continuity and disaster recovery plan (BC/DR plan) and tests the key subsystems covered by the plan each quarter. NetDocuments also maintains a separate pandemic health incident response plan which is reviewed by the company’s Information Security Management System (ISMS) Executive Oversight Committee (EOC) at least annually. The following questions and responses provide more insight into NetDocuments’ BC/DR and pandemic incident response plan.
- Does NetDocuments have up to date business continuity plans, and have they been tested successfully in the last 12 months?
Yes. As stated above, NetDocuments maintains a BC/DR plan for its Services and its supporting administrative infrastructure. The key subsystems of this plan are internally audited each quarter. The BC/DR plan is also independently audited annually for NetDocuments ISO 27001 certification and again for NetDocuments’ annual Type 2 SOC 2 audit for Security, Availability, and Privacy controls.
- Do NetDocuments’ plans cover an epidemic or pandemic resulting in a large proportion of the company’s staff being unable to travel to/from their places of work/client sites?
Yes. NetDocuments maintains a separate, comprehensive plan for dealing with pandemic health incidents. The pandemic influenza business continuity plan is reviewed by the company’s Information Security Management System (ISMS) Executive Oversight Committee (EOC) at least annually. The Compliance Department periodically reviews elements of these plans with company executive leadership, managers, and employees.
- Primarily, does NetDocuments have robust plans in place to continue to provide its contracted levels of service?
Yes. NetDocuments’ BC/DR plan requires full redundancy of all key subsystems within its service. The plan also requires NetDocuments to maintain processes and practices which enable personnel to provide key services during a BC/DR incident. These requirements extend to potential pandemic health incidents that may degrade or block normal operations.
- Does NetDocuments have a plan to ensure the safety of all its employees?
Yes. In the event of a BC/DR event, including a pandemic health incident, NetDocuments can contact employees and implement contingency plans which include the following options:
- Staggered work shifts
- Restrict workplace entry of people with symptoms of the pandemic illness
- Shelter at home
- Limit employees who come to work
- Designate a temporary, alternative site or sites for company administrative operations
- Do NetDocuments’ key employees have the ability to work remotely with access to critical services, email, telephony, etc. to ensure continuity of service?
Yes. All key employees are issued company laptops and have cellphones that can be used to connect to NetDocuments resources and other employees. NetDocuments has key communication services, including email, messaging and chat services, and document management services hosted by cloud vendors to provide robust access and DR capacity in the event NetDocuments’ facilities are not available.
- Does NetDocuments have a plan for self-quarantine?
Yes. NetDocuments’ pandemic health incident plan does include provisions for staggered work shifts, restricted access to workplaces, and having employees work from home or other remote locations to limit social exposure.
- Does NetDocuments have a communication plan to keep its employees and clients informed of changing circumstances?
Yes. NetDocuments has processes and procedures in place for informing customers of changing circumstances through digital notice, utilizing postings on the NetDocuments support website and emails to designated customer contacts, supplemented by direct outreach by assigned NetDocuments representatives as needed. NetDocuments has processes and procedures in place to inform employees of changing circumstances through call trees, emails, and chat services.
- Has NetDocuments obtained confirmation from its critical supply chain of preparations like those described above? If not, are there plans to obtain it?
Yes. NetDocuments regularly evaluates the BC/DR plans or obtains independent audit reports that include an evaluation of such plans of its key vendors and suppliers, supplemented by on-site audits.
NetDocuments recognizes the critical role its services play in its customers' operations. The company regularly reviews its BC/DR preparations, including its preparations for addressing pandemic health incidents, and makes changes and improvements to its processes and procedures as part of its commitment to continual improvement. If you need more information on this topic, you may contact the NetDocuments Compliance Department at firstname.lastname@example.org.
Vice President of Compliance