Business Continuity

InfraNet HR is committed to maintaining the availability, security, and reliability of our platform. This Business Continuity and Disaster Recovery Plan Overview describes the measures InfraNet takes to prepare for, respond to, and recover from events that could impact service availability or customer access.

Our objective is simple: maintain operational continuity and restore services as quickly and safely as possible. We recognize that our customers rely on InfraNet to manage critical workforce operations — workers' compensation claims, leave administration, OSHA compliance, workplace investigations, and safety incident management. When those operations are disrupted, the impact extends beyond our platform to the people and processes our customers support.

Business Continuity Principles

InfraNet is designed around the belief that critical work should continue even when unexpected events occur. Our continuity objectives include:

Protecting Customer Data

Data integrity and confidentiality are never sacrificed for speed of recovery. Every continuity action is evaluated through the lens of data protection.

Maintaining Service Availability

We design our systems and processes to maximize uptime and minimize the duration and impact of service interruptions.

Supporting Operational Resilience

Resilience is built into our architecture, our processes, and our culture. We plan for failure so that when it occurs, the impact is contained and recovery is rapid.

Reducing Downtime

Every minute of downtime has real consequences for our customers. Recovery procedures are designed, documented, and tested to minimize restoration time.

Recovering from Incidents Efficiently

When incidents occur, we follow structured response and recovery processes that prioritize safety, security, and speed in that order.

Types of Potential Disruptions

Business continuity planning requires anticipating a wide range of potential events. InfraNet's planning addresses disruptions including but not limited to:

Infrastructure and Technology Events

• Cloud infrastructure outages affecting virtual machines, databases, or networking
• Data center disruptions including power failures, cooling failures, or network outages
• Software deployment failures resulting in degraded functionality
• Network connectivity issues affecting customer access
• Hardware failures at the infrastructure provider level

Security Events

• Security incidents requiring system isolation or shutdown
• Compromised credentials or unauthorized access
• Ransomware or other malicious software incidents
• Distributed denial of service (DDoS) attacks
• Data breaches affecting customer information

Operational Events

• Human error affecting system configuration or data
• Vendor or third-party service interruptions
• Scheduled maintenance that extends beyond planned windows
• Configuration errors during updates or changes

External Events

• Natural disasters affecting infrastructure locations
• Severe weather events
• Power grid disruptions
• Public health emergencies affecting staffing
• Geopolitical events impacting infrastructure availability

This list is not exhaustive. Our planning is designed to be adaptable to events we can anticipate as well as those we cannot.

Data Protection During Disruptions

Protecting customer data is always the first priority, even during service disruptions. InfraNet employs multiple safeguards to ensure data remains protected regardless of operational circumstances.

Secure Cloud Infrastructure

InfraNet operates on trusted cloud infrastructure providers with mature physical, environmental, and operational security controls. These providers maintain redundant systems, backup power, climate control, and 24/7 physical security.

Redundant Systems

Where feasible, critical systems are designed with redundancy to eliminate single points of failure. This includes redundant compute resources, database replicas, and network paths.

Encrypted Communications

All data transmitted between users and the platform remains encrypted using TLS, even during recovery operations. This ensures that data in transit is protected regardless of the operational state of the platform.

Authentication Controls

Access to systems remains protected by authentication controls even during incident response and recovery. Recovery operations are performed by authorized personnel with appropriate credentials.

Backup Procedures

Customer data is backed up on a scheduled basis. Backup procedures are designed to support restoration of critical systems and customer information in the event of data loss or corruption.

Access Management

Access to backup systems and recovery environments is restricted to authorized personnel. Access is logged and auditable.

Backup and Recovery

InfraNet maintains backup and recovery processes designed to support restoration of critical systems and customer information. These processes are documented, tested, and refined on an ongoing basis.

Scheduled Database Backups

Databases are backed up on a regular schedule. Backup frequency is determined based on the criticality of the data and the acceptable recovery point objective (RPO) — the maximum acceptable age of data following recovery.

Recovery Testing

Backup and recovery procedures are tested periodically to verify that they work as expected and that recovered data is intact and usable. Testing identifies gaps, inconsistencies, or procedural issues that are addressed through remediation.

Secure Backup Storage

Backups are stored securely, with access restricted to authorized personnel. Backup storage is logically or physically separated from production systems to reduce the risk of a single incident affecting both primary data and backup copies.

Backup Retention Controls

Backup retention periods are defined based on operational requirements, legal obligations, and data minimization principles. Older backups are retired according to established schedules.

Encryption of Backups

Backup data is encrypted to protect it from unauthorized access, both during transmission to backup storage and while at rest.

Incident Response During Service Interruptions

When service interruptions occur, InfraNet follows a structured response process designed to minimize disruption while maintaining security and data integrity.

1. Protect Customer Data

The first priority in any incident is ensuring customer data remains protected. If there is any risk that continuing operations could compromise data security, systems may be isolated or shut down to prevent data loss or unauthorized access.

2. Contain the Issue

Once data is secured, the focus shifts to containing the disruption and preventing it from spreading to other systems or affecting additional customers. Containment may involve isolating affected components, rerouting traffic, or implementing temporary controls.

3. Restore Service Functionality

With the issue contained, recovery efforts begin. Restoration follows documented procedures designed to return services to normal operation as quickly and safely as possible. Restoration may involve failing over to redundant systems, restoring from backup, applying fixes, or reconfiguring infrastructure.

4. Investigate Root Cause

After services are restored, a root cause investigation is conducted. The investigation seeks to understand what happened, why it happened, and what systems or data were affected. Findings are documented and retained.

5. Implement Corrective Actions

Based on the root cause investigation, corrective actions are identified and implemented to reduce the risk of recurrence. This may involve process changes, technology improvements, configuration updates, or additional monitoring.

6. Communicate Relevant Updates

Communication is provided to relevant stakeholders, including customers when appropriate. Communications include relevant information about the incident, its impact, and steps being taken to address it and prevent recurrence.

Vendor Resilience

InfraNet relies on carefully selected infrastructure and service providers. We evaluate providers based on factors including reliability, security, availability, business continuity practices, and operational maturity.

Before engaging a provider, we assess their security and operational practices to ensure they meet our standards. Vendor relationships are reviewed periodically as business requirements evolve. When a provider experiences a disruption, our incident response process addresses the impact on our platform and customers.

Service Monitoring and Early Detection

Early detection of issues is critical to minimizing downtime. InfraNet utilizes monitoring and logging practices designed to identify service degradation, availability issues, operational anomalies, and security concerns.

Infrastructure Monitoring

Compute, storage, networking, and database performance are monitored continuously. Alerts are triggered when metrics exceed established thresholds.

Application Monitoring

Application performance and error rates are monitored to detect issues that could affect user experience or data integrity.

Availability Monitoring

External monitoring checks verify that services are accessible from outside our infrastructure. This provides an independent view of service availability.

Anomaly Detection

Monitoring systems are configured to detect unusual patterns that may indicate operational issues, security incidents, or configuration problems.

Alerting and Escalation

When monitoring detects an issue, alerts are generated and routed to the appropriate teams. Escalation procedures ensure that critical issues receive attention promptly, regardless of time of day.

Recovery Objectives

While recovery timelines may vary depending on the nature and severity of an incident, InfraNet's objective is to restore critical services as quickly and safely as possible.

Recovery Time Objective (RTO)

The target duration within which critical services should be restored following a disruption. Our objective is to minimize this window through preparation, testing, and efficient response procedures.

Recovery Point Objective (RPO)

The maximum acceptable age of data following recovery. Our backup and replication procedures are designed to minimize data loss in the event of a failure.

Factors Affecting Recovery

Actual recovery times may be affected by incident severity, infrastructure availability, third-party dependencies, security considerations, and the nature of the disruption itself. Recovery objectives represent targets, not guarantees, and are subject to the specific circumstances of each incident.

Customer Responsibilities in Business Continuity

Customers play an important role in business continuity. Preparation on both sides strengthens overall resilience.

Maintain Current User Access Records

Keeping user records current helps ensure that appropriate personnel can access the platform when needed and that former personnel cannot.

Export Critical Records When Appropriate

Customers should maintain their own copies of critical records in accordance with their internal record retention policies. InfraNet's platform provides export capabilities for this purpose.

Follow Internal Record Retention Requirements

Customers should maintain records retention and backup practices consistent with their own legal, regulatory, and operational requirements.

Protect Account Credentials

Strong passwords, multi-factor authentication, and secure credential management reduce the risk of account compromise.

Report Issues Promptly

Early reporting of suspected issues helps InfraNet respond quickly and minimize impact.

Continuous Improvement

InfraNet regularly reviews and improves its operational processes, recovery procedures, and continuity planning efforts. Lessons learned from incidents, testing activities, and operational reviews are used to strengthen future resilience.

Post-Incident Reviews

Every significant incident is followed by a review to identify what went well, what could be improved, and what changes should be implemented.

Testing and Drills

Continuity procedures are tested periodically to validate their effectiveness and identify improvement opportunities.

Policy Updates

This Business Continuity and Disaster Recovery Plan Overview is reviewed and updated as needed to reflect changes in our infrastructure, operations, or business requirements.

Contact

Questions regarding business continuity, disaster recovery, or service resilience may be directed to:

InfraNet HR Email: security@infranet-hr.com Springfield, Missouri, United States