Policies & Legals

We’re committed to keeping your data secure, your information private, and being transparent about our practices as a business.

Business Continuity and Disaster Recovery Policy

Last revised on Sep 30, 2024.

1. Introduction

SkootEco is committed to maintaining the continuity of its business operations and ensuring the safety and wellbeing of its employees in the face of potential disruptions. This Business Continuity and Disaster Recovery (BCP/DR) Policy outlines our approach to managing both localised and widespread crises, taking into account our remote operations and flexible working conditions.

2. Scope

This policy applies to all SkootEco employees. It covers both localised disruptions affecting individual employees or teams, and widespread crises that may impact our entire organisation or multiple regions simultaneously.

3. Objectives

  • Ensure the safety and wellbeing of all SkootEco personnel
  • Maintain critical business functions during and after a disruptive event
  • Protect SkootEco's data, assets, and reputation
  • Comply with legal, regulatory, and contractual obligations
  • Minimise financial losses and business disruptions

4. Risk Assessment and Business Impact Analysis

4.1 SkootEco will conduct annual risk assessments to identify potential threats to business continuity, including but not limited to:

  • Cybersecurity incidents
  • Natural disasters affecting employees' locations
  • Infrastructure failures (internet, power, etc.)
  • Pandemics or widespread health crises
  • Economic or political instability in regions of operation

4.2 A business impact analysis will be performed to identify:

  • Critical business functions and their recovery time objectives
  • Key personnel and their backups
  • Essential tools and technologies
  • Critical third-party dependencies

5. Business Continuity Strategies

5.1 Remote Work Infrastructure

  • Ensure all employees have necessary equipment for remote work
  • Maintain redundant cloud-based systems for critical applications
  • Provide VPN access for secure connections to company resources

5.2 Communication

  • Establish a crisis communication plan with clear roles and responsibilities
  • Maintain up-to-date employee contact information
  • Utilise multiple communication channels (email, messaging apps, telephone)

5.3 Data Backup and Recovery

  • Implement automated, regular backups of all critical data to cloud storage
  • Ensure data is encrypted both in transit and at rest
  • Conduct quarterly tests of data restoration processes

5.4 Third-Party Risk Management

  • Regularly assess the BCP/DR capabilities of critical vendors and partners
  • Maintain a list of alternative suppliers for essential services

5.5 Financial Resilience

  • Maintain adequate cash reserves or credit lines to manage potential disruptions
  • Develop strategies for rapid cost reduction if needed

6. Incident Response Procedures

6.1 Incident Classification

  • Level 1: Minor incident affecting an individual or small team
  • Level 2: Moderate disruption affecting a significant portion of the organisation
  • Level 3: Major crisis affecting the entire organisation or multiple regions

6.2 Incident Response Team

  • Establish a cross-functional incident response team with clearly defined roles
  • Conduct regular training and simulations for the response team

6.3 Response and Recovery Steps

  1. Incident detection and reporting
  2. Assessment and classification
  3. Activation of appropriate response plans
  4. Communication to stakeholders
  5. Implementation of continuity strategies
  6. Monitoring and adjustment of response
  7. Recovery and return to normal operations
  8. Post-incident review and lessons learnt

7. Specific Scenario Plans

7.1 Cybersecurity Incident

  • Implement immediate containment measures
  • Engage cybersecurity experts for incident investigation and resolution
  • Notify affected parties as required by law

7.2 Natural Disaster Affecting Employee Locations

  • Account for all employees in the affected area
  • Provide support for relocation or alternative work arrangements if necessary
  • Redistribute workload to unaffected team members

7.3 Widespread Health Crisis (e.g., Pandemic)

  • Implement additional health and safety measures for any in-person activities
  • Provide mental health support and resources to employees
  • Adjust policies to accommodate increased caregiving responsibilities

8. Testing and Maintenance

8.1 Conduct annual tabletop exercises to test the BCP/DR plan

8.2 Perform quarterly tests of critical systems and recovery procedures

8.3 Update the BCP/DR policy annually or after any major organisational changes

9. Roles and Responsibilities

9.1 Executive Leadership

  • Overall responsibility for BCP/DR policy approval and resource allocation

9.2 BCP/DR Coordinator

  • Maintain and update the BCP/DR policy and procedures
  • Coordinate testing, training, and awareness programmes

9.3 Department Heads

  • Ensure BCP/DR measures are implemented within their departments
  • Identify critical functions and personnel within their areas

9.4 All Employees

  • Familiarise themselves with the BCP/DR policy and their roles in it
  • Report any potential threats or incidents promptly

10. Policy Review and Approval

This policy will be reviewed annually and updated as necessary. All changes must be approved by SkootEco's executive leadership.

Contact Details

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your Personal Data, please use one of the following means:

  • By email:
[email protected]
  • By mail or courier to:
Attn: Privacy Officer
SkootEco Group Ltd.
86-90 Paul Street, 3rd Floor
London, England
EC2A 4NE
Back to top