Legal · Business Continuity
Business Continuity and Disaster Recovery Policy
Last updated: 15 June 2026
Purpose
This policy sets out how Deliverance AI Limited maintains the continuity of critical business and platform services and recovers from disruptive incidents, protecting the availability of information and services to our customers. It supports our obligations under ISO/IEC 27001:2022, including controls for ICT readiness for business continuity, information security during disruption, backup, and redundancy.
Scope
This policy covers the people, processes, systems, data, and third-party services required to deliver Deliverance AI's critical business operations and the Deliverance AI platform, across our remote-first corporate environment and customer deployments.
Objectives
Our objectives are to protect life and safety first, maintain or rapidly restore critical services, protect the integrity and confidentiality of information during disruption, and meet recovery targets agreed with customers and recorded in contracts.
Business impact and recovery targets
Critical activities and systems are identified through business impact analysis, which sets recovery priorities and targets. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for each critical service reflect our platform architecture and contractual commitments.
Email trust@deliverance.ai for our current RTO and RPO targets per critical service.
Continuity strategy
We reduce the likelihood and impact of disruption through resilient, redundant infrastructure across our cloud providers, geographic distribution where appropriate, and a remote-first operating model that limits dependence on any single physical location. Critical suppliers are assessed for their own resilience.
Backup
Information and systems necessary to recover critical services are backed up in line with defined frequency and retention. Backups are protected, access-controlled, and encrypted, and their restorability is verified through testing.
Redundancy and availability
Critical platform components are designed for redundancy and high availability, with failover capability appropriate to the agreed recovery targets. Capacity and availability are monitored on an ongoing basis.
Incident and crisis response
Disruptive incidents are managed in coordination with our Information Security Incident Response Plan. Roles and responsibilities for invoking continuity and recovery procedures are defined, with clear escalation paths and communication to affected stakeholders, including customers and regulators where required.
Roles and responsibilities
The CISO owns this policy and the continuity and recovery arrangements. Named roles are responsible for declaring an incident, leading recovery, and coordinating internal and external communications. Responsibilities are assigned so that recovery does not depend on a single individual.
Testing and exercising
Continuity and recovery arrangements, including backup restoration and failover, are tested and exercised on a defined schedule and after significant change. Results are recorded and used to improve the arrangements.
Email trust@deliverance.ai for our testing cadence and most recent test date.
Review
This policy and the underlying arrangements are reviewed at least annually, after any significant incident, and following material change to the business or platform.