Business Continuity
Resilience, recovery, and reliability
Overview
Enterprise Skills Ltd maintains business continuity through a cloud-native architecture designed for resilience, automated recovery, and minimal single points of failure.
Last updated March 2026. Next review March 2027.
Infrastructure Resilience
| Component | Provider | Continuity Feature |
|---|---|---|
| Application hosting | Netlify | Automatic failover, global CDN distribution, instant rollback to previous deployments |
| CDN and security | Cloudflare | DDoS protection, automatic traffic routing across global edge network, always-on availability |
| Database | Supabase (AWS eu-west-2) | Automated daily backups, point-in-time recovery, encrypted backups (AES-256) |
| Source control | GitHub | Full version history, branch protection, ability to redeploy from any commit |
Backup Strategy
Database
Automated daily backups with point-in-time recovery. Backups are encrypted (AES-256) and stored within the UK (eu-west-2).
Application code
Version-controlled in GitHub with full commit history. Any previous version can be redeployed within minutes.
Configuration
Infrastructure configuration is managed as code, enabling rapid recreation of the hosting environment if required.
Recovery Objectives
| Metric | Target |
|---|---|
| Recovery Point Objective (RPO) | Less than 24 hours (daily backups with point-in-time recovery) |
| Recovery Time Objective (RTO) | Less than 4 hours for critical services |
Scenario Planning
| Scenario | Mitigation |
|---|---|
| Hosting provider outage (Netlify) | Cloudflare CDN serves cached content. Application can be redeployed to alternative hosting within hours. |
| Database provider outage (Supabase) | Point-in-time recovery from encrypted backups. Data stored in AWS eu-west-2 with AWS's own redundancy. |
| DDoS attack | Cloudflare provides automatic DDoS mitigation at the network edge. |
| Code defect in deployment | Instant rollback to previous working deployment via Netlify. |
| Loss of key personnel | All systems use SSO with documented access procedures. No single person holds exclusive access to critical infrastructure. |
Communication During Incidents
During a service disruption, Enterprise Skills Ltd will communicate with affected institutions via email.
Critical data security incidents will be notified within 72 hours in accordance with UK GDPR requirements.
Review
This business continuity plan is reviewed annually and following any significant incident.