ProCircular takes a broad approach to service continuity. In this spirit, we must consider the effects of a potential COVID-19 (coronavirus) outbreak in the coming months. While we expect little or no impact on either our products or services, we would like to provide some detail regarding our preparedness.
ProCircular has an active internal business continuity planning (BCP) program, like those we provide to our clients. We take every opportunity to “practice what we preach” and have used the unfortunate example of the COVID-19 pandemic to test our emergency response plan. Over several days in the coming weeks, our offices will be declared “off limits” and employees will work remotely.
We have an outline of key preparedness activities, specific to COVID-19, to ensure continued service delivery. During any situation that challenges normal operations, there are three areas of focus:
Impact on systems
One advantage of a company like ProCircular is the ability to build entire systems from the ground up. As a result, the vast majority of our systems are hosted with SAAS vendors and in the Azure cloud. This includes the tools we use to provide our clients with SIEM monitoring and other services.
Our attack infrastructure is deployed to the cloud in Microsoft’s SOC certified systems, so we have several methods of accessing our systems remotely. Microsoft’s BCP and RPO/RTOs listed in SOC reports meet our continuity requirements. The supporting documents attesting their SOC compliance are available here.
Impact on location
ProCircular and our vendors are all prepared with redundant physical locations. If a location were to become inaccessible, we could continue providing all of our services. In practicing our active BCP/DR program, the entire staff will be working remotely during the week of March 16th.
Impact on people
All of ProCircular’s employees can work fully remote for as long as is necessary. Office phones are cloud-hosted and are redirected to mobile phones as needed. Employees are all provided with their essential software, and all company computers are laptops that allow for remote work.
The employees responsible for managing services have the resources they need to act while away from the office. A “deep” on-call rotation allows for sustained support and availability should issues arise. Incident response lines are cloud-hosted and forwarded to appropriate individuals for coverage of all clients.
While ProCircular puts the safety and well-being of its employees at the forefront, we have designed our “defense-in-depth” approach to allow for uninterrupted service operation should the virus spread significantly.