Business Continuity & Disaster Recovery Plan – SOC 2 Edition
The underlying procedures are maintained in the ISO 27001 BCDR Plan. This document highlights SOC 2 availability criteria and evidence.
1. Objectives
- RTO 2 h for customer-facing APIs.
- RPO 15 min for transactional data.
- Annual SOC 2 auditor review and evidence capture.
2. Strategy Summary
| Layer | Strategy | Control Evidence |
| --- | --- | --- |
| Compute | Active/standby across eu-central-1 & eu-west-1 | Terraform, EC2/Autoscaling configs |
| Data | Amazon RDS replicas to eu-west-1 (Ireland) & hourly DB snapshots | Backup logs |
| DNS | AWS Route 53 health checks & failover routing | Route 53 dashboards |
| People | Distributed on-call rota, alternate workspace | Better Stack schedules |
3. Test Schedule
- Semi-annual failover drill recorded in Clerk.ai Governance Engine.
- Annual tabletop exercise with executives.
4. Crisis Communication
The Better Stack status page (https://status.clerk.io) is updated within minutes of incident detection and at least every 10 minutes during prolonged events. The Major-Incident Slack channel is archived for evidence.
Better Stack automatically sends SMS and email alerts to all status-page subscribers, providing real-time customer communication without additional tooling.
Version 1.0