2CLIX knows that your security and privacy are important and cares deeply about them.
CRITICAL ASSETS
To ensure continuity of 2CLIX TECNOLOGIA EIRELI services during an information security incident, it is necessary to define which assets are critical for the delivery of Quality Portal services, system maintenance and communication with customers.
In this context, servers and databases are the heart of system operation. Both the connection of the Quality Portal to the internet and the databases are vital to maintain the services provided by the organization. However, these servers are hosted in the cloud, located in a Tier IV Data Center. This data center has redundancies for more severe service outages, protections against mechanical or electrical failures, as well as strict access control.
Among physical assets, workstations are the most critical, as they enable all employees to perform their duties. These workstations are laptops, allowing employees to continue performing their activities remotely even when the offices cannot be used.
Azure and Google Workspace systems are also critical for employees to perform their functions: Azure is used for source code management, machine logins and task management, while Google Workspace provides email service, file sharing and digital document storage.
Maintaining the availability, integrity and reliability of these components — Servers, Workstations and Repositories — must be the top priority of Business Continuity.
RESPONSIBILITIES
During a security incident that requires activation of this plan, employees must be aware of their responsibilities and roles to ensure that service normalization is achieved.
Some incidents may require specific approaches, while others may follow the same workflow.
In the basic workflow, the System Administrator must manage external contacts with authorities and suppliers, while the Security lead must handle internal communication and give the other teams instructions on how to proceed.
The Development team must assist in incident containment actions, as well as in isolating affected systems or equipment.
The Projects team must coordinate with the Security team to define the best actions to mitigate the incident, maintain information security and coordinate these actions with the Development team.
The Support and Business teams must coordinate with the Security team and the System Administrator to communicate with users, providing relevant instructions, resolution timelines and helping to manage panic.
The Quality team must engage with the Projects team to perform tests on the system in order to help identify affected areas and define the scope of the incident.
USE OF THE BUSINESS CONTINUITY PLAN
Data Center Incidents
Data Center incidents may occur either in the form of a security breach that poses a risk to the data stored in this data center, or in the form of events that cause service interruption.
In the event of a service interruption, the Business Continuity Plan must be activated when the timeframe for restoring the service provided by the Data Center exceeds 72 hours. Before that, the event must be logged by the Security team and monitored by the System Administrator through contact with the Data Center.
The 72-hour timeframe is required because this is the minimum time needed to move the system to another data center and change its DNS routes. In such cases, the Business and Customer Success teams will maintain contact with users, informing them of the reason for the interruption of the Quality Portal service as well as estimated timelines for restoration and normalization of access.
However, if access to the servers is degraded or there are instabilities resulting from a serious security failure in the Data Center that pose a risk to the data stored on the servers, the Business Continuity Plan must be activated. In this case, the System Administrator must coordinate with those responsible for infrastructure to encrypt all databases located on the servers, gather server logs and initiate a process to isolate the machines from the affected networks, closing all affected ports and keeping access only for Infrastructure personnel.
Office Incidents
The BCP must be activated whenever an incident occurs at the office that requires employees to leave the premises and results in prolonged unavailability of the office space.
In such cases, the priority must be the physical safety of employees, and all work processes will be moved entirely to a home office model. As there is already a hybrid culture of on-site and remote work, the machines are already equipped with tools to support home office work, and all security policies cover both local and remote work security processes.
If the incident causes damage to workstations, affected employees must remain at home until new workstations are delivered. In such cases, the Administration team must recover the affected machines and provide new machines already configured and with the necessary software installed for remote work.
REDUNDANCIES
Data Redundancy
Database backups are performed daily, and every backup is encrypted. Each backup is saved on the primary server, and a copy is stored on a second physical server in a Data Center of the same provider, which offers the same security protocols as the Data Center used by the primary server.
The backup server has no open ports to the internet and no web servers running. It can only be accessed by the System Administrator and infrastructure personnel via a VPN separate from the one used by the primary server. This server is used solely to store backups and, when necessary, to restore application services if the primary server becomes unavailable.
Log and Security Redundancy
All logs are stored in two different locations. Database logs are stored in a separate database dedicated solely to logs, and a copy of it is stored in a second database. System logs from both servers and workstations are stored locally on the machines and replicated to the second database. All of these logs are replicated to the SIEM, ensuring that, even if they are altered locally, the original logs are preserved on the SIEM server.
Access Redundancy
Access logs are stored in several instances, both by Azure AD and by Windows auditing tools. The servers also maintain access records for both local connections and VPN connections. All of these logs are stored and analyzed by the SIEM.
DOCUMENT MANAGEMENT
This document is valid from the date of its most recent approval and is the responsibility of the Administration team of 2CLIX TECNOLOGIA EIRELI. The update cycle for this document is annual and must always be based on an assessment of the effectiveness and suitability of this document in relation to the company’s other policies and processes.
To ensure a concise and clear assessment, the following evaluation criteria will be used:
- Feedback from interested parties regarding the effectiveness and impact of the ISMS;
- Effectiveness of the Plan in simulation scenarios;
- Cost of Plan implementation;
- Feedback from training sessions;
- Feedback from Customers and Employees after handling of incidents;
- Delays in applying the BCP when necessary due to unclear or incomplete definitions of BCP procedures.