Menu hamburger icon
Trust & Security
OverviewData storage & BackupsPrivacy & Data protectionSecurity & InfrastructureBlockchain technologyCertifications & ReportsDigital signatures & LegalityBusiness continuitySub processorsTerms & policiesMinimum system requirements
Contact salesSign up

Business continuity

Ensuring operational resilience — even when the unexpected happens

At Annature, we understand that resilience and availability are just as important as security and privacy. As a cloud-native organisation supporting thousands of Australian businesses, we maintain a robust Business Continuity Plan (BCP) to ensure our services remain available — even in the face of disruption.

Our BCP is designed in line with our ISO/IEC 27001-certified Information Security Management System (ISMS) and covers personnel, infrastructure, suppliers, cloud systems, and data protection mechanisms.

Built for resilience

Annature operates entirely in the cloud using AWS infrastructure, with all production systems hosted in the ap-southeast-2 (Sydney) region. This architecture is designed to ensure high availability, with redundancy across multiple AWS availability zones.

We conduct regular risk assessments and maintain failover strategies for each layer of our infrastructure, including:

  • Automated database backups with multi-region redundancy
  • Strong service level agreements (SLAs) with third-party providers
  • Alternative access and recovery procedures for DNS, email, and authentication systems
  • Hardened mobile device policies to ensure secure access from remote locations

Our systems are regularly reviewed to maintain compliance with our continuity objectives and evolving operational requirements.

Remote work readiness

If Annature’s physical office premises become inaccessible — due to localised events such as power outages, natural disasters, or public health directives — we seamlessly transition to a remote work posture. All staff are equipped with hardened mobile devices and securely configured laptops that meet baseline security standards, including:

  • Enforced encryption
  • Secure VPN access
  • Endpoint hardening against malicious networks
  • Remote management and monitoring capabilities

Our Acceptable Use Policy, Clear Desk/Clear Screen Policy, and other workplace policies continue to apply during remote operations. Staff are reminded of their responsibilities and supported with ongoing communication through mobile and email.

Cloud service continuity

We rely on best-in-class cloud service providers, such as AWS, to ensure service uptime and data durability. Each provider we work with is evaluated to ensure they meet our requirements for:

  • Confidentiality — data encryption, access controls, and security certifications
  • Integrity — redundancy of critical systems and disaster recovery capabilities
  • Availability — fault tolerance and transparent SLAs

Where providers do not offer contractual guarantees, we maintain internal procedures for alternate recovery options, including rapid data restoration to new cloud environments.

Continuity of key roles

To ensure operational continuity even in times of staff unavailability, Annature implements the following personnel resilience strategies:

  • Cross-training of staff in critical roles
  • Documented processes for all core business operations
  • Retention of external service providers where internal redundancy is not feasible
  • Semi-annual review of role redundancy across the organisation

Staff are briefed regularly on their responsibilities in the event of a disruption, and simulation-based training is used to validate preparedness.

Testing, validation & lessons learned

We conduct annual testing of our Business Continuity Plan to verify that systems, procedures, and personnel are prepared for adverse scenarios. These tests evaluate:

  • Service uptime and system recovery
  • Staff response times and familiarity with continuity processes
  • Information security integrity during disruptions

After each real or simulated event, we hold internal post-incident reviews to assess what worked, what didn’t, and how our processes can be improved. Findings from these reviews feed directly into our ISMS improvement cycle

Oversight & monitoring

Our BCP performance is monitored using a combination of:

  • Feedback from staff, clients, and suppliers
  • Incident logs and metrics on security vulnerabilities or downtime
  • Internal audits of compliance with policy requirements

Performance indicators are reviewed by the CTO and incorporated into our change control process to ensure the plan remains fit for purpose as the business evolves.