Risk Management
Appice runs an enterprise risk program aligned with ISO 31000 (risk) and ISO 22301 (business continuity). The program is owned by the CTO, reviewed quarterly by the management committee, and externally audited annually.
Risk framework
We classify risks across six categories. Each is owned by a named member of the leadership team, has a quarterly heat-map review, and ties to a specific set of controls.
| Category | Examples | Owner |
|---|---|---|
| Information Security | Data breach, credential theft, insider threat | Head of Security |
| Operational | Outages, capacity, third-party failure, key-person risk | VP Engineering |
| Privacy and Compliance | Regulatory change, GDPR/DPDP exposure, data subject complaints | DPO |
| Financial | Liquidity, currency, counterparty default | CFO |
| Reputational | Customer churn, public incidents, media exposure | CEO |
| Strategic | Market shifts, technology disruption, competitive threat | CEO / CTO |
Risk register
Each identified risk in the register has:
- A risk statement (what could happen)
- Inherent likelihood and impact (1–5 each)
- Existing controls and their effectiveness
- Residual likelihood and impact
- Treatment decision (accept, mitigate, transfer, avoid) with deadline
- Named owner
Risks with a residual score (likelihood × impact, so 1–25) of 15 or higher are reviewed monthly by the leadership team. The full register is internal; sanitized summaries are available under NDA.
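The register fields above map directly onto a small scoring and validation routine. The following is an added illustration written for this page, not Appice's own tooling: it assumes the score is likelihood × impact on the 1–5 scale (the usual 5×5 matrix, under which a threshold of 15 makes sense), adds a consistency check that residual ratings never exceed inherent ones, selects the entries due for monthly review, and builds the 5×5 residual heat map used in quarterly reviews. The register entries, IDs and ratings are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

SCALE = range(1, 6)             # 1-5 inclusive, as stated for likelihood and impact
MONTHLY_REVIEW_THRESHOLD = 15   # residual score at or above this is reviewed monthly
TREATMENTS = {"accept", "mitigate", "transfer", "avoid"}


@dataclass(frozen=True)
class RiskEntry:
    risk_id: str
    statement: str                  # what could happen
    inherent_likelihood: int
    inherent_impact: int
    controls: str                   # existing controls and their effectiveness
    residual_likelihood: int
    residual_impact: int
    treatment: str                  # accept | mitigate | transfer | avoid
    deadline: Optional[date]        # every treatment decision carries a deadline
    owner: str                      # named owner

    @property
    def inherent_score(self) -> int:
        return self.inherent_likelihood * self.inherent_impact

    @property
    def residual_score(self) -> int:
        # Assumed scoring rule: likelihood x impact (1-25).
        return self.residual_likelihood * self.residual_impact


def validate(entry: RiskEntry) -> list[str]:
    """Return the problems with one register entry; an empty list means valid."""
    problems = []
    ratings = {
        "inherent_likelihood": entry.inherent_likelihood,
        "inherent_impact": entry.inherent_impact,
        "residual_likelihood": entry.residual_likelihood,
        "residual_impact": entry.residual_impact,
    }
    for name, value in ratings.items():
        if value not in SCALE:
            problems.append(f"{name}={value} is outside the 1-5 scale")
    # Controls can only lower a rating, so residual above inherent marks an
    # inconsistent entry (assumed sanity check, not stated on the page).
    if entry.residual_likelihood > entry.inherent_likelihood:
        problems.append("residual likelihood exceeds inherent likelihood")
    if entry.residual_impact > entry.inherent_impact:
        problems.append("residual impact exceeds inherent impact")
    if entry.treatment not in TREATMENTS:
        problems.append(f"unknown treatment '{entry.treatment}'")
    if entry.deadline is None:
        problems.append("treatment decision has no deadline")
    if not entry.owner.strip():
        problems.append("no named owner")
    if not entry.statement.strip():
        problems.append("empty risk statement")
    return problems


def monthly_review_queue(register: list[RiskEntry]) -> list[str]:
    """IDs of valid entries at or above the monthly-review bar, highest residual first."""
    due = [e for e in register
           if not validate(e) and e.residual_score >= MONTHLY_REVIEW_THRESHOLD]
    return [e.risk_id for e in sorted(due, key=lambda e: (-e.residual_score, e.risk_id))]


def heat_map(register: list[RiskEntry]) -> list[list[int]]:
    """5x5 grid of residual counts indexed [likelihood-1][impact-1]; invalid entries skipped."""
    grid = [[0] * 5 for _ in SCALE]
    for e in register:
        if not validate(e):
            grid[e.residual_likelihood - 1][e.residual_impact - 1] += 1
    return grid


# Constructed sample register: IDs, wording and ratings are illustrative only.
SAMPLE_REGISTER = [
    RiskEntry("R-001", "Credential theft via phished SSO session", 4, 5,
              "Phishing-resistant MFA, session binding; effective", 3, 5,
              "mitigate", date(2025, 6, 30), "Head of Security"),
    RiskEntry("R-002", "Push-notification sub-processor outage", 3, 4,
              "Queue and retry, alternate channel; partially effective", 2, 4,
              "transfer", date(2025, 9, 30), "VP Engineering"),
    RiskEntry("R-003", "Regulatory change to data-residency rules", 2, 5,
              "Regulatory watch, in-country regions; effective", 2, 5,
              "accept", date(2025, 12, 31), "DPO"),
    # Deliberately malformed: impact 6 is off-scale, residual likelihood rises
    # above inherent, and there is no deadline.
    RiskEntry("R-004", "Loss of key infrastructure engineer", 3, 6,
              "Runbooks, cross-training", 4, 3,
              "mitigate", None, "VP Engineering"),
]

if __name__ == "__main__":
    for entry in SAMPLE_REGISTER:
        for problem in validate(entry):
            print(f"{entry.risk_id}: {problem}")
    print("monthly review:", monthly_review_queue(SAMPLE_REGISTER))
    for row in reversed(heat_map(SAMPLE_REGISTER)):   # highest likelihood on top
        print(" ".join(str(n) for n in row))
```

Only R-001 reaches the threshold (residual 3 × 5 = 15); R-004 is rejected before scoring because the validator refuses off-scale ratings, a residual above inherent, and a missing deadline, which is the kind of entry that would otherwise silently drop out of the monthly review.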
Third-party risk management
Every sub-processor is assessed before onboarding and annually thereafter. The assessment covers:
- Independent attestation (SOC 2, ISO 27001, equivalent)
- Data flow scope — what data they touch, where
- Subcontractor chain
- Incident history and breach notification commitment
- Termination and exit plan
The current sub-processor list is published at /trust/sub-processors.html; changes are announced with 30 days' notice.
Business continuity
Continuity strategy
Appice's services are designed to survive single-AZ failures automatically. The continuity plan covers four classes of disruption:
| Disruption | Strategy | RTO target |
|---|---|---|
| Single AZ failure | Auto-failover within region | < 5 min |
| Multi-AZ regional failure | Manual failover to secondary region within country (where applicable) | 4 hours |
| Sub-processor failure (e.g., FCM outage) | Queue and retry; degrade to alternative channel where possible | Service-specific |
| Loss of headquarters access | Full remote operations; on-call rotation continues | 0 (continuous) |
Disaster recovery testing
- Failover drills run quarterly in staging
- Annual full DR exercise in production, with a customer-facing impact window
- Backup restoration validated monthly against a sample dataset
- Tabletop incident exercises run quarterly across infra, app, and security teams
Key-person risk
- No production system depends on a single named operator
- Runbooks for every critical procedure, reviewed quarterly
- Cross-training across infra, security, and platform teams
- On-call rotation requires at least three qualified responders per service
Insurance
Appice maintains commercial insurance including:
- Cyber liability (data breach, regulatory fines, customer notification costs)
- Errors and omissions (professional indemnity)
- General commercial liability
Coverage limits and a certificate of insurance are available on request.
Incident classification
Incidents are classified P0–P4 with documented response, escalation, and notification protocols. See Security → Incident Response for details.
Want the full risk and BCP package? Sanitized risk register, BCP document, DR test results, and insurance certificate are available under NDA. Email security@appice.ai.