Skip to content
LEF LEF Docs
GitHubLinkedIn

Business Continuity and Disaster Recovery Plan

This plan defines how LEF maintains critical operations and recovers essential systems after disruptions.

OwnerInformation Security Officer
Contactinfra@lef.tec.br
Version1.1
Last updated2025-03-26
Review cadenceAnnual (or after major incidents)

1. Purpose

Section titled “1. Purpose”

Ensure that LEF is prepared to maintain critical operations and recover essential systems in the event of a disruption, minimizing impact on clients, projects, and partners.

2. Scope

Section titled “2. Scope”

This plan applies to all critical business processes, systems, and personnel involved in the delivery of LEF’s services.

3. Core Principles

Section titled “3. Core Principles”
  • Prioritize continuity of client-facing project delivery.
  • Ensure secure access to core collaboration platforms (Microsoft 365, VPN).
  • Rely on project-based recovery plans where needed.
  • Define clear responsibilities and fallback communication channels.

4. Key Systems and Continuity

Section titled “4. Key Systems and Continuity”
SystemContinuity Strategy
Microsoft 365 (Teams, OneDrive, SharePoint)Cloud-native with built-in redundancy and recovery.
VPN AccessPersonal VPN with MFA. Can be accessed remotely by staff.
SQL Server InstancesBacked up per project. Recovery instructions stored with project documentation.
Document Storage (Private Cloud)Access granted per project. Backed up per infrastructure standards.

5. Disaster Scenarios and Responses

Section titled “5. Disaster Scenarios and Responses”
  • Cloud Service Interruption: Wait for service restoration. Use alternative communication channels (e.g., WhatsApp, mobile email).
  • Database Corruption: Restore latest backup from project-based schedule.
  • Loss of Access Device: Employee reports incident to IT; credentials are revoked; access reissued securely.
  • Building Unavailability: Employees continue work remotely using existing VPN and cloud tools.

6. Recovery Objectives

Section titled “6. Recovery Objectives”
  • RTO (Recovery Time Objective): Defined per project based on client SLA.
  • RPO (Recovery Point Objective): Depends on backup frequency, defined during project planning.

7. Responsibilities

Section titled “7. Responsibilities”
  • Information Security Officer: Maintains this plan, coordinates recovery actions.
  • Project Leads: Define project-specific RTO/RPO and validate recovery steps.
  • IT/Infra: Executes technical recovery steps and manages fallback tools.

8. Testing and Review

Section titled “8. Testing and Review”
  • This plan is reviewed annually or after any major incident.
  • Recovery procedures are tested as needed, depending on project risk.

9. Contact

Section titled “9. Contact”

For continuity-related incidents or questions: infra@lef.tec.br

Records / evidence

Section titled “Records / evidence”
  • Plan review records (approvals/updates):
  • Continuity exercises / recovery tests:
  • BIA inputs (if used):
Section titled “Related”
Policies Backup and recovery policy Infrastructure operations