Legal

Resilience Overview

Resilience Overview
Service Level Agreement
Governance
Data Processing Agreement
Security
Privacy Policy

1.   Purpose

Lobyco is committed to ensuring business continuity and protecting customer services in the face of unexpected disruptions. Our resilience framework is designed to safeguard data, maintain availability, and restore operations quickly and effectively.

Lobyco’s resilience planning ensures rapid, secure recovery of services while minimizing disruption to customers. While detailed internal processes are restricted for security reasons, Lobyco provides clear commitments on continuity, backup, and recovery practices, and in the event of disruption, we work closely with customers to manage impacts and uphold service levels.

The Lobyco resilience efforts consist of governance, a business continuity plan, and backup and disaster recovery principles.

2.   Governance

To govern Lobyco’s operational resilience, we have daily activities to ensure stable operations. Moreover, in the event of a crisis, a special organization and set of processes will be applied to address the crisis.

In particular, a Crisis Management Team (CMT) will assemble to run a Business Continuity Plan:

  • Crisis Management Team (CMT): The CMT is comprised of senior executives and functional leads, the CMT is activated in the event of a crisis to coordinate decision-making, communication, and recovery.
  • Mandate: The CMT is empowered to stabilize situations, protect confidentiality, integrity, and availability of data, and oversee service restoration.
  • The Business Continuity Plan (BCP) is reviewed at least annually and tested through exercises (table-top, simulations, or full-scale) to ensure effectiveness.

3.   Business Continuity Plan

In the event of a major disruption caused by natural disasters, cyber-attacks, national or widespread power outages or the like, Lobyco will follow a business continuity plan to quickly recover and normalise operation. This plan has these high-level phases:

  1. Activation: The BCP can be activated by the Situation Manager or CTO, or upon customer request if agreed service levels cannot be met.
  2. Business Impact Analysis (BIA): Identifies critical business activities, financial/operational impacts of disruption, and prioritization of recovery actions.
  3. Mitigation: The goal of the BCP is to mitigate the crisis. The CMT will coordinate resources, actions, initiatives, and communications, to ensure that operations return to stable operations as soon as possible. The crisis is mitigated when the CMT confirms safe return to stable operations. When a crisis has been mitigated the BCP continues to the next step, ‘post-crisis evaluation’.
  4. Post-Crisis Evaluation: Within three days of resolution, a structured evaluation is performed. The purpose of this is to collect learnings and ensure that the mitigating actions are adequate and suitable for long-term operations.

4.   Backup and Disaster Recovery Principles

Backup:

  • All systems, applications, and data are covered by structured backup procedures.
  • Backups are stored securely with redundancy and verification to ensure recoverability.
  • Critical systems may use off-site backups to guarantee recovery even in rare large-scale or multi-regional events.

Restoration:

  • Infrastructure, applications, and data can be restored at both single-customer level (isolated recovery) and full-environment level, ensuring no cross-customer impact.
  • Restoration always includes verification checks to confirm that recovered services operate as expected.

1.   Purpose

Lobyco is committed to ensuring business continuity and protecting customer services in the face of unexpected disruptions. Our resilience framework is designed to safeguard data, maintain availability, and restore operations quickly and effectively.

Lobyco’s resilience planning ensures rapid, secure recovery of services while minimizing disruption to customers. While detailed internal processes are restricted for security reasons, Lobyco provides clear commitments on continuity, backup, and recovery practices, and in the event of disruption, we work closely with customers to manage impacts and uphold service levels.

The Lobyco resilience efforts consist of governance, a business continuity plan, and backup and disaster recovery principles.

2.   Governance

To govern Lobyco’s operational resilience, we have daily activities to ensure stable operations. Moreover, in the event of a crisis, a special organization and set of processes will be applied to address the crisis.

In particular, a Crisis Management Team (CMT) will assemble to run a Business Continuity Plan:

  • Crisis Management Team (CMT): The CMT is comprised of senior executives and functional leads, the CMT is activated in the event of a crisis to coordinate decision-making, communication, and recovery.
  • Mandate: The CMT is empowered to stabilize situations, protect confidentiality, integrity, and availability of data, and oversee service restoration.
  • The Business Continuity Plan (BCP) is reviewed at least annually and tested through exercises (table-top, simulations, or full-scale) to ensure effectiveness.

3.   Business Continuity Plan

In the event of a major disruption caused by natural disasters, cyber-attacks, national or widespread power outages or the like, Lobyco will follow a business continuity plan to quickly recover and normalise operation. This plan has these high-level phases:

  1. Activation: The BCP can be activated by the Situation Manager or CTO, or upon customer request if agreed service levels cannot be met.
  2. Business Impact Analysis (BIA): Identifies critical business activities, financial/operational impacts of disruption, and prioritization of recovery actions.
  3. Mitigation: The goal of the BCP is to mitigate the crisis. The CMT will coordinate resources, actions, initiatives, and communications, to ensure that operations return to stable operations as soon as possible. The crisis is mitigated when the CMT confirms safe return to stable operations. When a crisis has been mitigated the BCP continues to the next step, ‘post-crisis evaluation’.
  4. Post-Crisis Evaluation: Within three days of resolution, a structured evaluation is performed. The purpose of this is to collect learnings and ensure that the mitigating actions are adequate and suitable for long-term operations.

4.   Backup and Disaster Recovery Principles

Backup:

  • All systems, applications, and data are covered by structured backup procedures.
  • Backups are stored securely with redundancy and verification to ensure recoverability.
  • Critical systems may use off-site backups to guarantee recovery even in rare large-scale or multi-regional events.

Restoration:

  • Infrastructure, applications, and data can be restored at both single-customer level (isolated recovery) and full-environment level, ensuring no cross-customer impact.
  • Restoration always includes verification checks to confirm that recovered services operate as expected.

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available.

1.   Purpose

Lobyco is committed to ensuring business continuity and protecting customer services in the face of unexpected disruptions. Our resilience framework is designed to safeguard data, maintain availability, and restore operations quickly and effectively.

Lobyco’s resilience planning ensures rapid, secure recovery of services while minimizing disruption to customers. While detailed internal processes are restricted for security reasons, Lobyco provides clear commitments on continuity, backup, and recovery practices, and in the event of disruption, we work closely with customers to manage impacts and uphold service levels.

The Lobyco resilience efforts consist of governance, a business continuity plan, and backup and disaster recovery principles.

2.   Governance

To govern Lobyco’s operational resilience, we have daily activities to ensure stable operations. Moreover, in the event of a crisis, a special organization and set of processes will be applied to address the crisis.

In particular, a Crisis Management Team (CMT) will assemble to run a Business Continuity Plan:

  • Crisis Management Team (CMT): The CMT is comprised of senior executives and functional leads, the CMT is activated in the event of a crisis to coordinate decision-making, communication, and recovery.
  • Mandate: The CMT is empowered to stabilize situations, protect confidentiality, integrity, and availability of data, and oversee service restoration.
  • The Business Continuity Plan (BCP) is reviewed at least annually and tested through exercises (table-top, simulations, or full-scale) to ensure effectiveness.

3.   Business Continuity Plan

In the event of a major disruption caused by natural disasters, cyber-attacks, national or widespread power outages or the like, Lobyco will follow a business continuity plan to quickly recover and normalise operation. This plan has these high-level phases:

  1. Activation: The BCP can be activated by the Situation Manager or CTO, or upon customer request if agreed service levels cannot be met.
  2. Business Impact Analysis (BIA): Identifies critical business activities, financial/operational impacts of disruption, and prioritization of recovery actions.
  3. Mitigation: The goal of the BCP is to mitigate the crisis. The CMT will coordinate resources, actions, initiatives, and communications, to ensure that operations return to stable operations as soon as possible. The crisis is mitigated when the CMT confirms safe return to stable operations. When a crisis has been mitigated the BCP continues to the next step, ‘post-crisis evaluation’.
  4. Post-Crisis Evaluation: Within three days of resolution, a structured evaluation is performed. The purpose of this is to collect learnings and ensure that the mitigating actions are adequate and suitable for long-term operations.

4.   Backup and Disaster Recovery Principles

Backup:

  • All systems, applications, and data are covered by structured backup procedures.
  • Backups are stored securely with redundancy and verification to ensure recoverability.
  • Critical systems may use off-site backups to guarantee recovery even in rare large-scale or multi-regional events.

Restoration:

  • Infrastructure, applications, and data can be restored at both single-customer level (isolated recovery) and full-environment level, ensuring no cross-customer impact.
  • Restoration always includes verification checks to confirm that recovered services operate as expected.

Redundant architecture providing high availability and fault tolerance.

Multi-region deployment options supporting geographic separation and recovery.

24/7 monitoring of infrastructure health, performance, and security.

Physical and environmental controls managed by Microsoft’s certified data center operations.