Business Continuity

Business Continuity at Persistent Systems

Persistent’s global operations necessitate a robust computing infrastructure and supporting services that operate continuously, essential for the company’s sustainability. Compliance with stringent contractual and regulatory obligations, both internally and for clients across various jurisdictions, is imperative. This includes safeguarding intellectual property and customer data, which underscores the importance of maintaining uninterrupted services to preserve customer trust and confidence.

Business Continuity Management System (BCMS)

The Global Business Continuity Management System (BCMS) program provides a robust framework for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving business continuity measures across Persistent and its global subsidiaries.

The BCMS program guarantees smooth business continuity and optimal safety for employees and organizational assets, while consistently fulfilling client expectations and regulatory requirements regarding business resilience. Our Business Continuity Plan (BCP) and Management Strategy adhere to the ISO 22301:2019 standard, emphasizing the security and resilience of our established systems and processes. This commitment is reinforced by our annual SOC-II Type 2 certification and is backed by industry-leading practices.

We have established a robust Business Continuity Plan (BCP) and Crisis Management Framework to safeguard all data through appropriate backup and restoration procedures. Our BCP encompasses three levels: business enabling functions, locations, and delivery segments (accounts and projects). Each functional and delivery unit assumes responsibility for developing the plan, overseen by the Infosec Risk & Governance function within the CISO office. These meticulously crafted plans ensure minimal disruption to business operations during emergencies or disasters.

The Business Continuity Management System (BCMS) outlines our response protocols for potential disruptions, including catastrophes and disasters, whether natural or human-made, which may impact our operations.

Our BCMS encompasses comprehensive risk assessments for different functions, locations, and accounts, each accompanied by mitigation plans and established controls. This framework ensures a robust management system, continuously validated through tests, exercises, and successfully managed incidents, without significant disruptions to business continuity or employee safety.

A business continuity planning and response team (BCPRT) is in place to handle any crises affecting our business operations. Comprising key C-suite executives including the COO, CIO, CISO, and CRO, as well as representation from Delivery and Operational units, the team orchestrates crisis management, operational restoration, and triage. Additional stakeholders are brought in as needed to address specific incidents effectively.

Business Continuity is integral to all organizational processes and closely interfaces with cybersecurity, information security, and data privacy systems. Responsibilities for communication are clearly defined as follows:

• Global Corporate Communications, Chief People Officer, and Executive Management are responsible for providing necessary media updates.
• Respective business units and accounts handle customer communications.
• HR oversees internal communication for employees.

Business Continuity and Disaster Recovery Testing Program

Regular drills and exercises, such as Call Tree Testing, Tabletop Testing, and Data Restoration Testing, are conducted to validate the effectiveness of these plans and to ensure compliance with ISO 22301 requirements, thereby safeguarding the availability of network and communication services. Incident handling and end-to-end incident management protocols are meticulously documented and their connections to the BCMS are regularly evaluated.

Business continuity and incident response procedures undergo biannual testing or whenever there’s a significant infrastructure change, whichever comes first. Further detailed testing calendars are chalked up spanning organizational, location, and delivery units, to validate the plans’ effectiveness. For delivery units, a specific focus is maintained to ensure adherence to customer mandates outlined in contracts. Additionally, regular red teaming exercises, conducted by reputable third-party entities at least annually, bolster preparedness measures.

Resilience and Business Continuity Aware Workforce

Persistent offers internal training programs for Business Continuity and Disaster Recovery, aimed at certifying employees across our business units, functions, and locations. Project Managers and Business Continuity Representatives participate as facilitators of our Business Continuity Management System (BCMS) within these programs. We conduct annual reviews according to a structured BCM testing and evaluation calendar to ensure ongoing compliance and updates to the BCMS.

Certifications and Assurance

Persistent maintains ongoing ISO 22301 certification for our Business Continuity Management System (BCMS). Our BCMS undergoes regular internal audits by our compliance team to ensure continuous conformance.

Additionally, external independent audits are conducted annually as part of ISO 22301 requirements. We also undergo annual assessments by a third-party organization to achieve SOC 2 Type II compliance. These assessments focus on the Trust Service Principles of Availability established by the American Institute of Certified Public Accountants (AICPA), providing added assurance of our commitment to maintaining high standards of business continuity and security.