Business Continuity Plan
InterFulfillment Inc. | Business Continuity Plan
1. Introduction
This Business Continuity Plan (BCP) outlines InterFulfillment’s procedures and processes to ensure the company’s critical functions continue during and after a disaster or disruptive incident. The goal is to minimize operational downtime, protect our clients’ interests, and ensure a swift return to normal operations.
2. Objectives
- To identify critical business functions and prioritize their restoration.
- To outline roles, responsibilities, and communication protocols in response to disruptive incidents.
- To maintain client satisfaction and uphold contractual agreements.
- To mitigate financial losses and operational disruptions.
- To ensure employee safety and regulatory compliance.
3. Scope
This plan applies to all facilities, employees, data, systems, and processes necessary for the day-to-day functioning of InterFulfillment.
4. Key Risks and Impact Assessment
Potential risks that could disrupt business operations include:
- Natural Disasters: Floods, earthquakes, fires, storms.
- Technical Disruptions: IT system failures, cyberattacks, data breaches, power outages.
- Supply Chain Disruptions: Carrier, border, and rail disruptions.
- Human Resources Risks: Key personnel unavailability, pandemics, labor shortages.
5. Business Impact Analysis (BIA)
A BIA identifies critical business functions and prioritizes their restoration based on their impact on business operations. Below are key functions and their corresponding Maximum Tolerable Downtime (MTD):
- Order Processing and Fulfillment: 24 hours MTD
- Warehouse Operations and Inventory Management: 24 hours MTD
- Customer Support Services: 24 hours MTD
- IT Systems and Infrastructure: 12 hours MTD
- Finance and Billing Operations: 72 hours MTD
- Sales and Marketing Operations: 5 days MTD
6. Business Continuity Strategies
6.1. Preventive Measures
- Data Backups & Recovery: InterFulfillment’s software is provided by Extensiv, which is hosted on Amazon Web Services. For software details such as the SOC 2 Type 2 report and testing methods, see the Application Stability FAQ.
- Equipment Maintenance: Regular maintenance checks for warehouse equipment, IT systems, and security equipment to prevent breakdowns.
- Cybersecurity: Implement firewalls, antivirus software, multi-factor authentication, and employee training to prevent data breaches and cyberattacks.
6.1.1 Emergency Power Solutions
InterFulfillment employs emergency lighting and a UPS (Uninterruptible Power Supply) backup at all facilities to ensure critical systems remain operational during power outages. These measures protect vital infrastructure, including computers, networking devices, and even industrial machinery, until power is restored or a generator is activated.
- Immediate Power Supply: Provides instantaneous power during outages, preventing disruptions, data loss, or equipment shutdowns.
- Voltage Regulation: Protects equipment from voltage fluctuations, such as spikes, surges, and brownouts, ensuring operational stability.
- Short-term Backup: Keeps systems running for a limited time, allowing for a safe shutdown or transition to backup generators.
- Critical Systems Continuity: Ensures vital systems like IT infrastructure, communication tools, order processing, and emergency systems remain functional during outages, minimizing business downtime.
The UPS protects key components of the operation, including Order Processing Systems, Networking Devices, and Communication Tools.
6.2. Response & Recovery Procedures
6.2.1 Incident Response Team (IRT)
Role: The IRT is responsible for activating the BCP, assessing the situation, coordinating recovery efforts, and ensuring communication with stakeholders.
Team Members:
- Chief Operating Officer (COO) – Overall Incident Commander
- VP of Sales – Client Communication and Liaison
- IT Manager – Systems Recovery Lead
- Warehouse Manager – Operations and Logistics Recovery Lead
- HR Manager – Employee Coordination and Welfare
6.2.2. Communication Plan
In the event of a disruption, clear and consistent communication is key.
- Internal Communication: Use of group messaging systems (Skype) and a phone tree for urgent updates.
- External Communication: Notify clients via mass mailing list, website, and social media about the disruption and estimated time to resume normal operations.
- Employee Updates: Regular updates on safety procedures, work-from-home policies, and return-to-work timelines.
6.2.3. Disaster Recovery
IT System Failures: All workstations are equipped with backup Wi-Fi over a 5G cellular connection in case of internet failure. Our Extensiv software leverages the capabilities of the multi-AZ (Availability Zone) infrastructure provided by AWS to be “better isolated and protected from issues such as power outages, lightning strikes, tornadoes, earthquakes, and more. AZs are physically separated by a meaningful distance, many kilometers, from any other AZ, although all are within 100 km (60 miles) of each other.”
In the event of a disaster at one or two of the three AZs, Extensiv will migrate servers and route traffic automatically to the remaining Availability Zone(s) to continue operation with minimal interruption (seconds to minutes).
Extensiv also leverages the power of Infrastructure as Code (IaC). This allows the Extensiv team to spin up predefined infrastructure in a matter of minutes to handle additional load in the event of a spike, or to migrate infrastructure to another region should a disaster be significant enough to require such drastic action. To learn more, please see Introduction to DevOps on AWS.
Warehouse and Logistics Issues: Utilize one of four standalone InterFulfillment warehouses located on the same block, providing the flexibility to relocate, segregate, or quarantine inventory as necessary to ensure business continuity.
Staff Shortages: Cross-train employees to handle multiple roles in times of emergency. Activate temporary staffing solutions if necessary.
6.3. Recovery Prioritization
- Critical Systems Recovery: Restore IT systems, including order processing, inventory, and communication systems, within 12 hours.
- Warehouse Operations: Resume essential warehouse functions, including inventory management and shipping, within 24 hours.
- Customer Service & Communication: Ensure clients and stakeholders are kept informed of recovery progress and potential impacts on their operations.
7. Business Resumption and Improvement
- Gradual Return to Normal Operations: Restore full operations gradually while assessing performance at each stage.
- Review & Debrief: Conduct a post-incident review to analyze the effectiveness of the BCP, identifying strengths, weaknesses, and areas for improvement.
- Continuous Improvement: Regularly update the BCP based on lessons learned, new risks identified, and changes in business operations.
8. Testing & Training
8.1 Regular Testing
- Objective: To assess the staff’s readiness to respond to a disruption.
- Frequency: BCP testing will be conducted annually, with additional tests after major incidents or business operational changes.
8.1.2 Testing Methods
- Perform an exercise simulating a disaster (e.g., IT outage, fire, or supply chain disruption).
- Identify gaps or weaknesses in the response and document them for improvement.
- Ensure all departments participate, including operations, IT, and customer service.
8.1.3 Evaluation and Reporting
Responsible Personnel: Incident Response Team (IRT) members outlined in section 6.2.1
Evaluation & Reporting:
- After each test, document results, challenges, and improvements required in a Test Report.
- Share the report with senior management and all department heads.
- Implement improvements based on feedback from the test.
8.2 Employee Training
Objective: Ensure all employees know their roles and responsibilities during a disruption.
Training Frequency:
- New employees will undergo BCP training during onboarding.
- Refresher training for all employees will be conducted every six months.
Training Methods:
- Online training modules covering BCP core fundamentals and specific departmental responsibilities.
- Hands-on drills, such as evacuations, communication during power outages, and data recovery simulations.
Training Content:
- Comprehensive overview of the BCP and what is expected from the employee.
- Specific roles during various disruption scenarios (e.g., natural disasters, cyberattacks).
- Outline of communication tools and emergency response channels.
Training Assessment:
- Employees will complete an assessment after each training session to ensure an understanding of the material.
- Results will be reviewed by the HR team to identify areas requiring additional focus.
8.3 Update and Review
Objective: Ensure the BCP remains relevant and effective based on evolving business needs, regulatory changes, and incident learnings.
Review Frequency:
- Scheduled review of the BCP every 12 months.
- Immediate review and updates after any major incidents, regulatory updates, or changes in the business (e.g., new locations, technologies).
Review Process:
- Gather input from all department heads on any new risks or changes in operations.
- Assess the results from the most recent BCP test to identify any areas requiring updates.
- Document changes and communicate them to all employees through an official communication channel (e.g., email, team meetings).
Documentation:
- Maintain an up-to-date log of BCP changes, along with approval records from senior management.
- Archive old versions of the BCP for reference.
9. Contact Information
Maintain an updated list of contact information for:
- Internal IRT Members: Include personal and work contact details.
- External Partners: Key suppliers, clients, carriers, emergency services, and WMS software providers.
10. Document Control & Storage
Ensure that the BCP is stored securely and is accessible to all relevant personnel in both digital and hard copy formats. Regularly review the document for accuracy and compliance.
Conclusion
This BCP is designed to ensure that InterFulfillment is prepared to handle disruptions effectively and maintain essential operations. The plan provides the framework to respond promptly and recover quickly, minimizing the impact on our business, clients, and partners.