VESPA Academy — Business Continuity & Disaster Recovery Plan
1. Purpose
This document sets out how 4Sight Education Ltd ("the Company") will maintain or restore the VESPA Academy service in the event of business disruption or technical disaster. It covers:
- Business Continuity (BCP): keeping the business operating (commercial, administration, customer-facing).
- Disaster Recovery (DR): restoring the technical platform if hosting, data or systems are disrupted.
It is deliberately scoped to the size of the business (2 FTEs, 2 NEDs, a managed-provider technology stack and 600+ school customers) and recognises that the majority of operational resilience is delivered by mature, audited managed providers (Supabase, Vercel, AWS, Stripe, Microsoft 365, Google Workspace).
2. Scope
In scope:
- The VESPA Academy 2.0 platform (app.vespa.academy) and legacy Coaching Portal.
- The marketing site (vespa.academy).
- Customer-facing operations: support, onboarding, training delivery, billing and renewals.
- Internal operations: finance, accounts, payroll, sub-processor management.
- Information held by the Company about customers and staff.
Out of scope:
- Sub-processor internal continuity (Supabase, Vercel, AWS, Stripe, SendGrid, OpenAI, Wonde, Microsoft, Google) — each provider maintains its own SOC 2 / ISO 27001 audited BCP/DR programmes; we monitor their public status pages and treat their failure as a scenario in §5.
3. Roles & Responsibilities
| Role | Holder | Primary responsibility on incident |
|---|---|---|
| Incident Commander | Antony Dennis (Director & Co-founder) | Declares incident, leads response, makes customer comms decisions, technical recovery. |
| Deputy / Continuity Lead | Clare Dennis | Activates plan if Director unavailable; runs customer comms and administrative continuity; holds full credential access. |
| Overall business / customer-relationship successor | Martin Griffin (Co-founder, Pedagogical Lead, CPD Lead) | In a long-term key-person scenario, assumes overall stewardship of customer accounts, pedagogical direction and CPD/training delivery. Provides institutional knowledge and continuity of the VESPA mission. |
| Long-term technical successor | Oliver Dennis | Assumes technical platform stewardship if both FTEs unavailable for an extended period; supported by Martin (business), the NEDs and managed providers, plus paid contractors for additional specialist depth where needed. |
| Board oversight | Mark Doyle (NED) & Rory Cameron (NED) | Strategic continuity, decision-making support, customer/partner reassurance, succession decisions. |
| Finance continuity | Clare Dennis (primary) + Mark Doyle (NED, finance oversight) | Continuation of invoicing, payroll, supplier payments, banking. |
| Legal continuity | External legal advisor engaged at point of incident; supported by NEDs. | Data protection, contracts, insurer liaison. |
4. Recovery Objectives
| Objective | Target | Notes |
|---|---|---|
| RTO – Application (stateless) | ≤ 1 hour | Redeploy from GitHub via Vercel from a new account if needed. |
| RTO – Database (stateful) | ≤ 4 hours | Restore from Supabase point-in-time recovery (PITR). |
| RPO – Customer data | ≤ 24 hours (realistically ≤ 1 hour via PITR) | Supabase PITR provides effectively continuous recovery point. |
| RTO – Customer comms | ≤ 4 hours | Pre-drafted holding statement; email via Google Workspace; status page. |
| RTO – Key-person succession | Operational continuity ≤ 24 hours; technical ≤ 7 days | Clare Dennis already holds full operational and credential access; Martin Griffin steps in for overall business/customer stewardship; Oliver Dennis briefed annually for technical succession. |
| Maximum tolerable outage (MTO) | 72 hours | Beyond this we expect customer impact to be material; this is the trigger for escalation to public comms, refunds discussion, and successor activation. |
5. Scenario Playbooks
5.1 Director (Antony Dennis) incapacitated or unavailable — short-term (<2 weeks)
Likelihood: Low. Impact: Medium.
- Clare Dennis activates the plan as Continuity Lead. She already holds:
  - Shared password vault (all credentials).
  - Banking / Stripe / Xero access.
  - Customer admin email accounts.
  - Mobile phone access for 2FA codes (shared trusted devices).
- Customer-facing continuity: Clare continues to handle support@/admin@vespa.academy, escalating pedagogical/customer-relationship questions to Martin Griffin and reserving any technical platform changes until the Director returns.
- No technical changes required: The platform is self-managing for short periods — Supabase and Vercel auto-scale, auto-patch and auto-monitor. No deploys are required for normal operation.
- Martin Griffin notified within 24 hours to co-cover customer/pedagogical queries and any scheduled training delivery.
- NEDs notified within 24 hours. Mark Doyle and Rory Cameron consulted on any externally visible communication.
- AI features and integrations continue without intervention.
5.2 Director incapacitated long-term or permanently
Likelihood: Very low. Impact: Very high.
- Clare Dennis assumes full operational lead (administration, finance, customer comms, credential access).
- Martin Griffin assumes overall business and customer-relationship leadership as co-founder. This includes:
  - Stewardship of customer accounts and ongoing relationships.
  - Continuation of CPD training, pedagogical direction and product priorities.
  - Co-signing customer communications alongside Clare and the NEDs.
  - Strategic partnership with the NEDs on the company's medium-term direction.
- Oliver Dennis assumes technical platform stewardship, supported by:
  - The complete documentation set (this BCP/DR, code repositories, infrastructure-as-code, sub-processor contracts, customer database).
  - Direct access to Supabase / Vercel / GitHub / OpenAI / Stripe / SendGrid (via the shared vault and own MFA devices).
  - Engagement of a paid technical contractor where additional specialist depth is needed (budget reserved in the company's cash position).
  - Pre-existing familiarity with the platform basics (briefed annually as part of plan testing).
- Customer communication plan:
  - Personal letter from Clare Dennis, Martin Griffin and the NEDs to all customer schools within 7 days.
  - Reassurance that data, access, support and renewals continue.
  - Identification of Martin Griffin as the new primary point of contact for customer relationships and CPD.
  - Optional offer of early data export if any customer wishes to wind down.
- Strategic review by NEDs + Martin Griffin: A 30-day review of the company's options: continue as going concern under Martin's leadership (most likely scenario given his co-founder status), recruit a CTO, partner with another EdTech, or orderly wind-down with full data return to schools.
- Insurance: Key person insurance is being evaluated as part of ISP-scale onboarding.
- Maximum customer-impact assumption: Even in the worst case, the platform runs unattended for 30–90 days given the managed-provider stack and automated billing/renewals. This buys time for an orderly succession or transition under Martin's stewardship.
5.3 Both FTEs unavailable simultaneously (e.g. shared event)
Likelihood: Very low. Impact: Very high.
- Martin Griffin (co-founder) and the NEDs (Mark Doyle, Rory Cameron) activate the plan, contactable via the contact register held with the Company's legal/accounting advisors.
- Martin Griffin assumes overall business and customer-relationship leadership (as in §5.2) given his co-founder status and direct customer/CPD relationships.
- Oliver Dennis activated as technical successor (as in §5.2).
- Service continues automatically — no manual intervention is required for the platform to keep serving its existing users (Supabase, Vercel, Stripe and SendGrid all run unattended).
- 30-day grace period: During the first 30 days, no urgent decisions are required other than:
  - Critical security patches (handled by managed providers automatically).
  - Customer support — diverted to an auto-reply directing schools to Martin Griffin / the NEDs.
- Beyond 30 days: Martin Griffin and the NEDs jointly make the decision on continuation, sale or orderly wind-down, with customer data return guaranteed in any wind-down scenario per the Data Retention Policy.
5.4 Supabase outage (primary database / auth / storage)
Likelihood: Low. Impact: High (platform unavailable for affected period).
- Detection: Automated monitoring (Vercel build/runtime errors, Supabase status page, customer reports).
- Triage (15 minutes): Confirm scope on https://status.supabase.com.
- Customer comms (within 30 minutes of confirmed P1):
  - Email to school admins from noreply@notifications.vespa.academy.
  - Status note on the marketing site.
- During outage: The product, including read-only use, is largely unavailable as Supabase holds primary state. Static assets continue to serve from Vercel edge.
- Recovery: Driven by Supabase recovery. Verify integrity post-recovery; spot-check key tables; verify auth flows.
- Data loss scenario: If data loss occurred at Supabase, invoke Supabase PITR (point-in-time recovery) — recovery point typically within minutes/hours of the incident.
- Post-incident review (within 5 working days) issued to affected customers if P1.
5.5 Vercel outage (hosting / serverless functions / edge)
Likelihood: Low. Impact: High (application layer down).
- Detection as above (https://www.vercel-status.com).
- Comms as above.
- During outage: Database remains intact at Supabase; if extended, the application is redeployable on an alternative platform from the same source code (this is feasible within hours but rarely required given Vercel's track record).
- Recovery: Automatic — Vercel restores service. No data loss as Vercel does not hold primary state.
5.6 Email provider outage (SendGrid / Twilio)
Likelihood: Low. Impact: Medium (transactional emails delayed: welcome, reset, reports).
- Detection via SendGrid status page; Vercel function errors.
- Mitigation: Switch to alternative provider (AWS SES, Mailgun) — code change isolated to the email service layer; can be rolled out within 1–4 hours via Vercel deploy.
- Customer impact: Sign-ins (which do not depend on email) and platform use continue. Password reset / new account welcome emails delayed.
5.7 OpenAI outage / AI provider failure
Likelihood: Low. Impact: Low — AI features are explicitly optional and advisory.
- Detection via OpenAI status / Vercel function errors.
- Mitigation: AI features fail gracefully with a clear user message, and the rest of the platform continues to function (this is built into the application; see AI Usage Policy §12).
- Recovery: Automatic on OpenAI restoration; or substitute provider (Anthropic, Azure OpenAI) per feature flag.
5.8 Stripe outage / payments provider failure
Likelihood: Low. Impact: Low — most school billing is by invoice / PO, not card; only self-service card transactions are affected.
- Mitigation: Continue invoice billing via Xero / banking. Card payments retried automatically on Stripe recovery.
5.9 Wonde outage / MIS bridge failure
Likelihood: Low. Impact: Low — affects MIS sync only; user accounts and platform use continue based on the last successful sync.
- Mitigation: Fallback to manual CSV upload or Microsoft / Google directory sync.
5.10 Cyber incident / ransomware / data breach
Likelihood: Very low. Impact: Very high.
- Detection: Anomalous activity in Supabase logs, Vercel logs, GitHub audit, or external notification.
- Containment (within 1 hour):
  - Rotate all admin credentials in the shared vault.
  - Revoke any compromised tokens (Vercel, Supabase, OpenAI, SendGrid, Stripe, GitHub).
  - Force-logout all sessions if user accounts are implicated.
- Assessment (within 24 hours): Identify scope of any data accessed/exfiltrated; engage external legal advisor and (if held) cyber insurer panel.
- Notification (within 72 hours where required):
  - ICO (Article 33) if personal data breach with risk to data subjects.
  - Affected schools (controllers) — without undue delay.
  - Affected individuals where high-risk (Article 34).
- Recovery: Restore from clean Supabase PITR snapshot pre-incident; rebuild affected services from source. No ransom paid in any circumstances (NCSC / NCA guidance).
- Post-incident review: Full PIR within 10 working days, shared with affected customers and (where applicable) ICO and insurer.
- Engaged advisors at time of incident: External data-protection legal counsel; NCSC reporting via the official channel; insurer (if cyber insurance held — see §9).
5.11 Office / physical disruption
Likelihood: Very low. Impact: Very low — the Company is remote-first; no single physical office is critical to operations. Both FTEs and NEDs operate from home/remote and the platform itself is cloud-hosted.
5.12 Sub-processor pricing or commercial failure (e.g. provider acquired, shut down)
Likelihood: Low. Impact: Medium — requires migration project.
- Mitigation strategy: Maintain technical portability. The database is standard PostgreSQL (Supabase is hosted Postgres, not a proprietary engine). The application is standard Node.js + React deployable on any platform. Migration paths exist for every critical sub-processor (see Section 9d of the TDDA response).
- Trigger: 6-month notice from a provider would trigger an immediate migration project, executable within that window for any of the named sub-processors.
6. Customer Communications Playbook
6.1 Pre-drafted holding statement (for confirmed P1 platform issue)
> Subject: VESPA Academy — Service issue [date]
>
> Dear [School name],
>
> We are currently experiencing a service issue affecting VESPA Academy. Our engineering team is engaged with our hosting providers ([Supabase / Vercel]) and we are working to restore normal service as quickly as possible.
>
> What is affected: [brief description]
> Estimated time to restoration: [time / "investigating"]
> What you need to do: Nothing — we will update you within [2 hours].
>
> If you have any urgent concerns please reply to this email or contact us at admin@vespa.academy.
>
> Antony Dennis / Clare Dennis — VESPA Academy
6.2 Comms cadence
- Initial customer notification within 30 minutes of confirmed P1.
- Updates every 2 hours until resolution.
- Resolution notification within 1 hour of full restoration.
- Written post-incident review within 5 working days for any P1.
6.3 Customer escalation contacts
- Primary: admin@vespa.academy / tony@vespa.academy (Antony Dennis).
- Operational backup: Clare Dennis (via admin@vespa.academy).
- Business / pedagogical / CPD backup: Martin Griffin (Co-founder, Pedagogical Lead).
- Board: NEDs (Mark Doyle, Rory Cameron) notified for any P1 lasting >4 hours.
7. Credential Continuity
- All critical credentials are stored in a shared encrypted password vault accessible to both Antony Dennis and Clare Dennis.
- Each credential has MFA enforced with recovery codes stored in the vault.
- Domain registrar, banking, Stripe, Supabase, Vercel, GitHub, OpenAI, SendGrid, Google Workspace and Microsoft 365 are all included in the vault.
- A paper "break-glass" envelope containing emergency recovery information (master vault recovery key, list of critical sub-processor accounts, NED + co-founder contact details) is held securely by Clare Dennis, with a duplicate sealed envelope held by the Company's professional advisors; Martin Griffin and the NEDs are named on the access register, and the envelope is accessible to them in the event both FTEs are unavailable.
- The vault is reviewed and rotated annually (or immediately on any change of personnel).
8. Testing & Maintenance
| Activity | Frequency | Owner | Last performed | Next due |
|---|---|---|---|---|
| Full plan review | Annual | Director + Martin Griffin + NEDs | May 2026 (initial issue) | May 2027 |
| Tabletop walkthrough — key-person scenario | Annual | Director + Clare Dennis + Martin Griffin | — (first year) | Within 6 months of issue |
| Tabletop walkthrough — provider outage scenario | Annual | Director | — (first year) | Within 6 months of issue |
| Supabase restore drill (staging) | Annual | Director | — (first year) | Within 6 months of issue |
| Credential vault review and rotation | Annual | Director + Clare Dennis | May 2026 | May 2027 |
| Oliver Dennis (technical successor) briefing | Annual | Director | At issue | May 2027 |
| Martin Griffin + NED briefing on plan | Annual | Director | At issue | May 2027 |
The plan is updated immediately on any:
- Material change to the technology stack or sub-processor list.
- Personnel change.
- Material customer-impacting incident (lessons-learned update).
9. Insurance & Financial Resilience
- Professional indemnity / cyber insurance: Professional indemnity and cyber liability insurance arrangements are being evaluated as part of ISP-scale onboarding. Contact admin@vespa.academy for current status.
- Cash runway: Sufficient operating cash reserve to maintain platform sub-processor costs (Supabase, Vercel, etc.) for six months without new revenue, providing protection against short-term commercial disruption.
- Banking continuity: Primary business banking is accessible online by both FTEs, with Clare Dennis holding co-signatory access for operational continuity.
10. Sub-Processor BCP/DR Posture (summary)
| Provider | Audited DR? | Public status page | Notes |
|---|---|---|---|
| Supabase | SOC 2 Type II + ISO 27001 — yes | https://status.supabase.com | PITR backups; multi-AZ within AWS region. |
| Vercel | SOC 2 Type II + ISO 27001 — yes | https://www.vercel-status.com | Multi-region edge; rapid failover. |
| AWS (underlying Supabase host) | Industry-standard; multi-AZ available | https://health.aws.amazon.com/health/status | Multi-AZ enabled via Supabase. |
| Stripe | PCI DSS Level 1 — yes | https://status.stripe.com | Highly resilient. |
| OpenAI | SOC 2 Type II — yes | https://status.openai.com | Optional feature; graceful degradation. |
| SendGrid (Twilio) | SOC 2 Type II — yes | https://status.sendgrid.com | Alternate provider available on demand. |
| Wonde | UK provider with own BCP | https://status.wonde.com (or equivalent) | CSV fallback always available. |
| Microsoft 365 / Google Workspace | Industry-standard | https://status.cloud.google.com / https://status.office.com | Email and identity continuity. |
11. Document Control
- Owner: Antony Dennis, Director & Co-founder, 4Sight Education Ltd.
- Joint owner: Clare Dennis (Operations / Continuity Lead).
- Co-founder sign-off: Martin Griffin (Pedagogical Lead, business successor).
- Board sign-off: Mark Doyle (NED), Rory Cameron (NED).
- Technical successor briefing: Oliver Dennis (acknowledgement of role).
- Confidentiality: Internal — shared with potential partners under NDA on request.
Signatures (for the printed/signed copy)
| Role | Name | Signature | Date |
|---|---|---|---|
| Director / Plan Owner / Co-founder | Antony Dennis | _________________ | ___ / ___ / 2026 |
| Joint Owner / Continuity Lead | Clare Dennis | _________________ | ___ / ___ / 2026 |
| Co-founder / Business Successor | Martin Griffin | _________________ | ___ / ___ / 2026 |
| Non-Executive Director | Mark Doyle | _________________ | ___ / ___ / 2026 |
| Non-Executive Director | Rory Cameron | _________________ | ___ / ___ / 2026 |
| Named Technical Successor (acknowledgement) | Oliver Dennis | _________________ | ___ / ___ / 2026 |
This Business Continuity and Disaster Recovery Plan is issued by 4Sight Education Ltd (trading as VESPA Academy) in May 2026, and is the formal first edition of the documented BCP/DR programme. It will be reviewed annually and updated immediately on any material change.