Purpose

The purpose of this business continuity plan is to prepare Sourcegraph in the event of extended service outages caused by factors beyond our control (e.g. natural disasters, man-made events, etc.), and to restore services to the widest extent possible in a minimum time frame.

Scope

All Sourcegraph production operations and IT systems that are business critical. This policy applies to all employees of Sourcegraph and to all relevant external parties, including but not limited to Sourcegraph consultants and contractors.

Policy

In the event of a major disruption to production services and a disaster affecting the availability and/or security of the Sourcegraph assets, senior managers and executive staff shall determine mitigation actions.

A disaster recovery test and the business continuity plan(s), including a test of backup restoration processes, shall be performed on an annual basis.

Continuity of information security shall be considered along with operational continuity.

In the case of an information security event or incident, refer to the Security Incident Response Policy.

Communications and Escalation

Executive staff should be notified of any disaster affecting Sourcegraph Corporate IT or production operations.

Communications shall take place over any available regular channels including Slack, email, phone, messaging applications and online meeting tools.

A key contacts list shall be maintained.

Roles and Responsibilities

Role Responsibility
Security team The Security team shall coordinate the necessary BC/DR efforts with all impacted teams to mitigate losses and recover the corporate tools and information systems.
Departmental Heads Each department head shall be responsible for communications with their departmental staff and any actions needed to maintain continuity of their business functions. Departmental heads shall communicate regularly with executive staff and the Tech Ops Manager.
Managers Managers shall be responsible for communicating with their direct reports and providing any needed assistance for staff to continue working from alternative locations.
Head of Customer Support The Head of Customer Support, in conjunction with the CEO and Director of Global Communications shall be responsible for any external and client communications regarding any disaster or business continuity actions that are relevant to customers and third parties.
VP of Engineering The VP of Engineering, in conjunction with the Head of Customer Support, shall be responsible for leading efforts to maintain continuity of Sourcegraph services to customers during a disaster.
VP of People The VP of People shall be responsible for internal communications to employees as well as any action needed to maintain physical health and safety of the workforce.

Continuity of Critical Services

Sourcegraph’s Business Continuity Plan (BCP) has been developed to guide the organization’s response, recovery, and restoration of operations following disruption arising from an incident or crisis. The BCP has been tailored to meet the requirements of specific disruption scenarios and address the business’s needs in those circumstances in order to maintain continuity of product and service delivery and/or essential internal functioning.

The BCP is made up of a set of comprehensive tactical/operational response plans that all teams across the organization can leverage to maintain continuity of their operations. Tactical/operational response plans address specific scenarios that impact either the Enterprise as a whole, or in some cases a smaller subset of teams.

The BCPs can be found here.

Information Security Continuity