Healthy.io’s services are hosted on AWS and GCP Cloud Services, thus enabling continuous global activation even if one location fails. AWS and GCP span multiple geographic regions and provide numerous redundancy provisions, allowing Healthy.io servers to remain resilient in the event of almost any failure modality.
Healthy.io identifies when critical business processes require business continuity and recognizes events that can cause interruptions to its essential business processes. It can mitigate information security aspects of business continuity with risk assessments that determine the probability and impact of interruptions based on cost, damage, scale, and recovery period. These risk assessment results provide the overall approach to the business continuity strategy. After these results are used to create and develop the strategy to identify problems, management endorses the strategy and arranges plans to implement it.
Healthy.io protects its employees against or limits the effects of various types of denial-of-service attacks.
Healthy.io can implement recovery and restore business operations, establishing the availability of information in the timeframe required by predisposed business objectives without deteriorating security measures. The contingency program addresses required capacity, identifies critical missions and business functions, defines recovery objectives and priorities and identifies roles and responsibilities. Key contingency personnel receive copies of the business continuity plans. The company identifies alternative storage and processing sites (permanent and/or temporary) at a sufficient distance from the primary facility and configures them with security measures equivalent to the main site. Healthy.io has established the necessary third-party service agreements to allow for the resumption of information systems operations of critical business functions within the period defined based on the risk assessment, including Recovery Time Objectives (RTO), per Healthy.io’s availability requirements.
Healthy.io stores its business continuity plans in remote locations. It has established alternate telecommunications services sufficiently separate from the primary service provider with priority-of-service provisions.
Healthy.io creates, at a minimum, one business continuity plan and ensures each plan (i) has an owner, (ii) describes the approach for continuity, ensuring at a minimum the process to maintain information or information asset availability and security, and (iii) specifies the escalation plan and the conditions for its activation, as well as the individuals responsible for executing each component of the plan. When it identifies new requirements, it appropriately amends the existing emergency procedures.
Emergency procedures, manual ‘fallback’ procedures, and resumption plans are the responsibility of the owner of the business resources or processes involved; fallback arrangements for alternative technical services, such as information processing and communications facilities, are the responsibility of the service providers.
The business continuity planning framework addresses a specific, minimal set of information security requirements.
Capacity monitoring addresses:
Identifying capacity requirements for each new and ongoing system/service;
The projection of future capacity requirements, taking into account current use, audit record storage requirements, projected trends, and anticipated changes in business requirements;
System monitoring and tuning to ensure and improve the availability and effectiveness of current systems.