Do you have a business continuity plan? RELAYTO has a business continuity plan to address how to resume or continue providing services to users—as well as how to function as a company—if business-critical processes and activities are disrupted. We conduct a cyclic process consisting of the following phases: ● Business impact and risk assessments. We conduct a business impact assessment (BIA) at least annually to identify processes critical to RELAYTO, assess the potential impact of disruptions, set prioritized timeframes for recovery, and identify our critical dependencies and suppliers. We also conduct a company-wide risk assessment at least annually. The risk assessment helps us systematically identify, analyze, and evaluate the risk of disruptive incidents to RELAYTO. Together, the risk assessment and BIA inform continuity priorities, and mitigation and recovery strategies for business continuity plans (BCPs). ● Business continuity plans. Teams identified by the BIA as critical to RELAYTO’s continuity use this information to develop BCPs for their critical processes. These plans help the teams know who is responsible for resuming processes if there’s an emergency, who in another RELAYTO office or location can take over their processes during a disruption, and which methods for communications should be used during a continuity event. These plans also help prepare us for a disruptive incident by centralizing our recovery plans and other important information, such as when and how the plan should be used, contact and meeting information, important apps, and recovery strategies. RELAYTO’s continuity plans are tied into our company-wide crisis management plan, which establishes RELAYTO’s crisis management and incident response teams. ● Plan testing/exercising. RELAYTO tests selected elements of its business continuity plans at least annually. These tests are consistent with the scope and objectives, are based on appropriate scenarios, and are well-designed with clearly defined aims. The tests may range in scope from tabletop exercises to full-scale simulations of real-life incidents. Based on the results of the testing, as well as experience from actual incidents, teams update and improve their plans to address issues and strengthen their response capabilities. ● Review and approval of the business continuity plan. At least annually, our executive staff reviews the business continuity plan and communicates changes to the rest of the team. Do you have a disaster recovery plan? To address information security requirements during a major crisis or disaster impacting RELAYTO operations, we maintain a disaster recovery plan. The RELAYTO Infrastructure/Security Team, which is composed of three specialized members from our development team, reviews this plan annually and tests selected elements at least annually. 43 of 54