Business Continuity, Recovery, and Client Communication Pack for SaaS

Purpose and Scope

This document describes SDK.finance’s approach to business continuity, disaster recovery, service level management, and complaint monitoring.
It outlines the key principles, recovery objectives, and responsibilities that define how SDK.finance ensures service stability, timely recovery, and transparent communication with clients in case of incidents or service-related issues.

This framework applies exclusively to the Application Layer managed and operated by SDK.finance within its AWS environment.
All database-related AWS components — including storage, backups, replication, and regional setup — are fully managed by the client within their own AWS account and are outside the scope of this framework and SDK.finance’s operational control.

Business Continuity Policy and Plan

Purpose

This policy describes how SDK.finance ensures the continuity and recovery of its Application Layer services in the event of incidents, disruptions, or ICT-related failures.
It defines responsibilities, key processes, and communication principles that support uninterrupted service operation and timely recovery.

Business Continuity Approach

SDK.finance operates its Application Layer in a dedicated AWS environment designed for redundancy, resilience, and continuous operation in line with AWS best practices.

Responsibilities are divided as follows:

• SDK.finance

  • Hosts and manages the Application Layer within its AWS environment.

  • Performs continuous maintenance, monitoring, and backups of application components.

  • In the event of a service interruption, makes every reasonable effort to restore application functionality within the defined Recovery Time Objective (RTO), provided that the client’s AWS environment and database are available and operational.

• Client

  • Manages its own AWS infrastructure, including the database layer.

  • Is responsible for backup, data restoration, and regional setup of database resources.

  • Ensures availability of the database required for SDK.finance application recovery.

Business Continuity and Recovery Actions

Incident Detection and Classification

• Incidents are detected through system monitoring or reported by the client via the established support channel.

• Each incident is classified as one of the following:

  • SDK.finance AWS or application-level issue.

  • Client-side database or infrastructure issue.

  • External dependency failure (e.g., AWS regional outage, third-party service disruption).

Response and Recovery

• SDK.finance initiates recovery procedures for the Application Layer.

• If required, the issue is escalated to AWS Support.

• If the root cause lies in the client’s AWS infrastructure or database, SDK.finance informs the client and may provide recommendations or guidance, where applicable.

• Once the client’s database is available, SDK.finance restores full application functionality within the defined RTO.

Validation and Documentation

• Restored services are verified for normal operation.

• For major incidents significantly affecting availability or client operations, SDK.finance prepares a post-incident summary including root cause, corrective actions, and prevention measures.

Key Roles and Responsibilities

Clients can report incidents through the established support communication channel.
During business hours (Monday to Friday, 08:00–17:00 CET, except for occasional scheduled days off, which are announced in advance), the SDK.finance support team will:

• Advise the client if the issue is caused by incorrect system use.

• Escalate to AWS Support if the problem lies within SDK.finance’s AWS infrastructure.

• Escalate internally and create a fix task if the issue relates to SDK.finance’s code or configuration.

• Inform the client if the issue is within the client’s AWS environment or database configuration.

Disaster Recovery Policy

Purpose

This policy describes how SDK.finance manages recovery procedures for the Application Layer of its platform, which is hosted and maintained within SDK.finance’s AWS environment, ensuring that critical services are restored in a controlled and timely manner.

Hosting and Responsibility Model

Responsibilities between SDK.finance and the client are defined as follows:

• SDK.finance

  • Hosts and manages the Application Layer in its own AWS infrastructure.

  • Performs ongoing monitoring, maintenance, and backups of application components.

  • In case of a service disruption, makes every reasonable effort to restore application functionality within the defined Recovery Time Objective (RTO), provided that the client’s AWS environment and database are available and operational.

  • Supports the client in incident analysis and, if required, coordinates with AWS Support.

• Client

  • Manages its AWS infrastructure and database layer, including backup, data restoration, replication, and regional setup.

  • Defines its own Recovery Point Objective (RPO) and RTO for database-level recovery, based on its AWS configuration and backup policy.

  • Ensures the database availability required for SDK.finance’s application restoration.

Both parties operate under the AWS Shared Responsibility Model.

Recovery Objectives

1. The incident is detected or reported through the client’s communication channel.

2. SDK.finance performs initial analysis during business hours.

3. The root cause is classified as one of the following:

   • Client-side misuse → guidance or recommendations provided.

   • Client’s AWS or database issue → client notified, assistance provided if required.

   • SDK.finance code or configuration issue → workaround or hotfix applied; permanent fix task created.

4. Service recovery is verified, and the client is informed.

Service Level Agreement (SLA)

Purpose

This SLA defines the service levels and response commitments for support related to SDK.finance’s Application Layer.

Service Availability

• Target platform availability: 99% per calendar month (excluding planned maintenance and AWS outages).

• Planned maintenance is announced to clients at least 24 hours in advance.

Support Hours

• Support is available Monday to Friday, 08:00–17:00 CET (except for occasional scheduled days off, which are announced in advance).

• Requests received outside business hours are processed on the next business day.

Incident Response & Resolution

SDK.finance makes reasonable efforts to restore its application services within the defined RTO and RPO, assuming the client’s AWS infrastructure and database are operational.

SDK.finance is not responsible for:

• Outages or performance issues within the client’s AWS environment or database configuration.

• Data loss resulting from the client’s AWS setup or backup policy.

• Failures of third-party systems or AWS platform-level incidents beyond SDK.finance’s control.

• Force majeure events such as natural disasters, large-scale power or network outages, cyberattacks, war or terrorism, or governmental actions and restrictions affecting cloud infrastructure or internet availability, and other events beyond SDK.finance’s reasonable control.

Complaint Monitoring Policy

Purpose

This policy defines how SDK.finance manages and monitors client complaints to ensure that all issues are handled fairly, consistently, and within a reasonable timeframe.

Complaint Handling Process

• Clients can submit complaints or feedback through the established support communication channel.

• Each complaint is reviewed by SDK.finance’s support or account management team during business hours.

• SDK.finance aims to acknowledge receipt of a complaint within one business day and to provide an initial response or update within three business days.

• If a complaint relates to the client’s AWS infrastructure or database, SDK.finance will inform the client and provide guidance, but investigation and resolution remain the client’s responsibility.

• All complaints are logged and periodically reviewed to identify trends and opportunities for improvement.

References and Links

SDK.finance’s Business Continuity and Disaster Recovery practices are based on AWS best-practice frameworks relevant to the Application Layer hosted in SDK.finance’s AWS environment.

• AWS Shared Responsibility Model – link
  Defines how AWS secures the cloud infrastructure, while SDK.finance secures and operates its application within it.

• AWS Well-Architected Framework: Security Pillar – link
  Provides principles for secure configuration, IAM, monitoring, and incident response applied to the SDK.finance Application Layer.

• AWS Disaster Recovery Whitepaper – link
  Outlines AWS-native recovery mechanisms used for SDK.finance application components.
  Database recovery in the client’s AWS environment remains the client’s responsibility.

Policy Review and Maintenance

This document is reviewed at least annually or after any material change in SDK.finance’s infrastructure or operations to ensure alignment with applicable business continuity standards and regulatory frameworks, including the EU Digital Operational Resilience Act (DORA).

This document is provided for transparency and informational purposes only. In the event of any inconsistency between this policy and a client’s contractual agreement with SDK.finance, the terms of the signed agreement shall prevail.