7.2 Disaster Recovery & Business Continuity Plan (DR & BCP)
- Ensuring Service Stability

Effective Date: January 1, 2025
Last Updated: January 1, 2025

1. Introduction
1.1 Net Onboard Sdn Bhd is committed to ensuring uninterrupted service availability, data protection, and operational resilience in the event of disasters, cyberattacks, or unforeseen incidents.
1.2 This Disaster Recovery & Business Continuity Plan (DR & BCP) establishes:
– Preparedness strategies for mitigating service disruptions.
– Procedures for rapid recovery of systems and critical operations.
– Compliance with industry standards for disaster recovery and business continuity.
1.3 This policy applies to:
– All cloud services, IT infrastructure, databases, and operational processes managed by Net Onboard.
– All employees, customers, vendors, and third-party service providers interacting with Net Onboard’s systems.
1.4 This policy aligns with:
– ISO 22301 – Business Continuity Management System (BCMS)
– ISO 27001 – Information Security Management
– National Institute of Standards and Technology (NIST) Disaster Recovery Standards
– Bank Negara Malaysia (BNM) Risk Management Standards (for financial service clients)

2. Business Continuity Objectives & Risk Management
2.1 Objectives of the Business Continuity Plan (BCP):
– Minimize downtime and ensure rapid recovery of IT systems, cloud services, and business operations.
– Safeguard customer data and maintain service availability during crises.
– Comply with regulatory requirements and industry best practices for business continuity.
2.2 Risk Assessment & Disaster Scenarios Covered:
Net Onboard has identified and prepared for the following high-impact risks:
– Cybersecurity threats (ransomware, DDoS attacks, hacking incidents).
– Natural disasters (floods, earthquakes, power outages).
– Hardware/software failures (server crashes, database corruption, data loss).
– Human errors or operational failures affecting cloud services.

3. Disaster Recovery (DR) Framework & Implementation
3.1 Disaster Recovery Plan (DRP) Overview:
– A redundant infrastructure strategy is in place to ensure continuous operations across multiple data centers.
– Automated failover mechanisms allow real-time switching to backup systems in case of failure.
– Disaster recovery is tested quarterly to validate system resilience and recovery speed.
3.2 Data Backup & Replication Strategy:
– Daily automated backups with geo-redundant storage in two separate data centers.
– Data retention period of 90 days for business-critical systems.
– AES-256 encryption for all stored and transmitted data to prevent data breaches.
3.3 RTO (Recovery Time Objective) & RPO (Recovery Point Objective) Standards:
3.3.1 Mission-Critical Systems (Cloud & Hosting Services)
Recovery Time Objective (RTO): 1 hour
Recovery Point Objective (RPO): 15 minutes
3.3.2 Business Operations & Financial Systems
Recovery Time Objective (RTO): 4 hours
Recovery Point Objective (RPO): 1 hour
3.3.3 Non-Critical Internal Systems
Recovery Time Objective (RTO): 24 hours
Recovery Point Objective (RPO): 12 hours

4. Business Continuity Plan (BCP) Implementation
4.1 BCP Activation & Incident Management Process:
– The BCP is triggered in the event of service outages, security incidents, or operational disruptions.
– A dedicated Incident Response Team (IRT) is responsible for coordinating recovery and communication efforts.
– Stakeholders, customers, and regulators will be notified within 2 hours of a critical incident.
4.2 Alternative Work Arrangements & Remote Operations:
– Employees are equipped with secure remote access and cloud-based collaboration tools.
– Business functions can transition to remote operations within 24 hours in case of facility disruption.
4.3 Communication Plan & Stakeholder Updates:
– Customers will be updated via:
  – Email notifications on service status.
  – Public cloud service dashboards for live system updates.
  – Dedicated customer support hotlines for high-priority cases.

5. Vendor & Third-Party Continuity Compliance
5.1 Vendor Risk Management & Contingency Planning:
– All third-party vendors must comply with Net Onboard’s DR & BCP policies.
– Cloud and infrastructure vendors must maintain a 99.9% SLA uptime guarantee.
5.2 Regular Vendor DR Audits:
– Annual disaster recovery tests are conducted to validate vendor compliance and risk management.
– Vendors failing to meet reliability standards may face contract termination.

6. Continuous Improvement & Testing
6.1 Quarterly Business Continuity Drills:
– Tabletop exercises and simulation drills are conducted to test BCP effectiveness.
– Employees and technical teams participate in emergency response training.
6.2 Post-Incident Review & Policy Updates:
– After any major disruption, a root cause analysis (RCA) is conducted to improve response strategies.
– The BCP is reviewed and updated annually to align with evolving risks and industry standards.

7. Enforcement & Non-Compliance Consequences
7.1 Failure to comply with DR & BCP policies may result in:
– Service suspension or termination for vendors failing DR tests.
– Legal or financial penalties if non-compliance leads to business losses.

8. Governing Law & Dispute Resolution
8.1 This policy is governed by Malaysian law, including:
– The Communications and Multimedia Act 1998
– Bank Negara Malaysia (BNM) Risk Management Framework
– Personal Data Protection Act (PDPA) 2010
8.2 Disputes related to disaster recovery obligations will be resolved through mediation before arbitration or litigation.

9. Amendments & Updates
9.1 Net Onboard reserves the right to update this Disaster Recovery & Business Continuity Plan (DR & BCP) at any time.
9.2 Customers, partners, and vendors will be notified of material changes via email or system notifications.
For business continuity inquiries, contact [email protected].