About Ribbon

Ribbon Communications (Nasdaq: RBBN) delivers secure cloud communications and IP and optical networking solutions to service providers, enterprises and critical infrastructure sectors globally. We engage deeply with our customers, helping them modernize their networks for improved competitive positioning and business outcomes in today's smart, always-on and data-hungry world. Our end-to-end portfolio of communications software and IP Optical networking solutions delivers superior value and innovation by leveraging cloud-native architectures, automation and analytics tools, and leading-edge security. We maintain a keen focus on our commitments to Environmental, Social, and Governance (ESG) matters, offering an annual Sustainability Report to our stakeholders. To learn more about Ribbon, please visit www.rbbn.com

Business Continuity – Executive Summary

Ribbon is committed at all levels to implementing and maintaining robust arrangements to ensure continuity of service. These arrangements will enable critical Ribbon Teams to continue to deliver key services in the event of minor or major incidents, disruptive events and crisis situations.

Proactive behavior is key; threats are identified, and risks are prioritized on a regular basis. Disruption to Ribbon business operations can come from any type of “event”; man-made or natural, without warning. By placing a priority on Business Continuity Planning, any impact to our employees, customers and partners or our ongoing operations will be minimized.

Business Continuity planning at Ribbon continues to evolve. We have achieved certification to the modern industry standard ISO 22301:2019 at both of our RCO (Plano, Texas – Headquarters) and our Hope Town (Petah Tikva, Israel) locations. These certifications help validate our robust Business Continuity Management System.

Communication – For Our Stakeholders

Regardless of the incident, Ribbon is listening, please call +1 877-412-8867 (our main switchboard) to ask a question or raise a concern. For a detailed response to Business Continuity matters please email bcp@rbbn.com at any time.

During a trigger incident, the Emergency Management Team has an objective to keep the following internal organizations informed on response and recovery activities:

  • Customer Support and Services Organizations
  • Supply Chain Operations
  • R&D Organizations covering HW and SW Development
  • Human Resources to provide employee support

We recognize that Ribbon’s Communications Solutions are often the fallback toolset for the business continuity planning of our customers and their customers. This suite of products allows for remote working during an event along with web conferencing capabilities to improve communications during a disaster recovery. Our customers place their trust in us that their commitments to their customers will be met.

Ribbon Plans and the Business Continuity Management System (BCMS)

Ribbon actively maintains a Business Continuity Management System (BCMS) to ensure stability of all Global Operations following a potential disruption or catastrophic event, such as a natural disaster, pandemic, cyber-attack, or other similar events within the supply chain. The plans within the BCMS define objectives, dependencies and steps to execute in order to limit the impact from the loss of key service or location.

Our BCMS is mandated by Ribbon’s Executive Management Team and is used to ensure the correctness of our Continuity Plans. By following the “Plan, Check, Act, Do” steps. We are externally audited against and certified to the ISO 22301:2019 standard annually. Each year the following steps are executed to ensure:

  • Our organization is aligned to the BCMS.
  • Business Impact Assessment (BIA) and Risk Appetite assessments are performed.
  • Accuracy and system health is assessed by way of quarterly BCP drill exercises.
  • The BCP drill result metrics are used to generate areas for improvement and actions setting.
  • An annual management review is held to keep the business leaders abreast of the action progress, resourcing requirements and the contributing responsibilities of organizations within Ribbon.
  • Internal and External Audits are performed to ensure continued BCMS Certification.

The five major elements of our BCMS:

  • Risk Assessments are performed with the Executive Management team, to decide which facilities and functions are to be analyzed in terms of their relative vulnerability and potential impact of disruptions. Operational, reputational, and financial risks (among others) are considered, and a heat map is developed to enable prioritization for the Business Continuity Plan.
  • Business Impact Analysis (BIAs) are performed for each facility and major business function, beginning with higher-risk entities. In all major buildings, equipment, processes, human resources, suppliers and IT systems are identified, rated based on their criticality in achieving operational objectives, and an estimated time to recover is determined.
  • Business Continuity Plan (BCP), which specifies the procedures for business recovery, support team roles and responsibilities, communication routes and the locations of the Disaster Recovery Plans (DRPs).
  • Disaster Recovery Plans (DRPs) are created for each major facility and every critical business organization, to uniquely specify detailed recovery activities across the organization.
  • Exercising the BCP is achieved by simulation exercise drills which are performed regularly with involvement from both site primes and senior business leaders, seeking improvement opportunities for the organization’s preparedness. Lessons learned are published after every drill.

The results and priorities of the Business Continuity Management System process and improvement activities are reviewed regularly by a steering committee comprised of members of our Emergency Management Team and Ribbon senior management.

Ribbon Business Continuity Scope

All of Ribbons facilities around the globe fall under the Ribbon Business Continuity Scope, which includes:

  • Emergency Response, First Aid, and Safety and Evacuation plans for employees and visitors
  • Physical Security provisions at all facilities
  • High availability key network architecture and critical infrastructure
  • Lab Operations for critical customer and internal equipment
  • Network infrastructure and cyber security including data privacy and backup/duplication policies
  • Operational tool sets including: Communications, Asset Inventories, Design and Support Tools

Roles, Responsibilities and Resource Provision

Ribbon’s Business Continuity Management System and the associated Business Continuity and Disaster Recovery Plans are the responsibility of the Vice President of Global Real Estate and Facilities. Members of the BC Team take action to update the communication plan, organization charts and the BCMS documentation set. Leadership is provided by site, and functional primes called the Emergency Management Team (EMT). The EMT performs duties during BCP drills and actual disaster events and represents the whole Ribbon organization by seeing recovery and restoration actions through to completion.

The BCMS is championed by the Chief Legal Officer (CLO) within the Executive Management Team, who offers business direction, resourcing and objectives to ensure the BC arrangements aligned to meet corporate goals.

All Ribbon employees are trained in general BCP awareness. Detailed specific continued operations training is identified and issued to those who require it.

BCMS Documented Process

The BCMS documentation set is updated regularly, when business requirements dictate a need to do so. This documentation list includes:

  • Business Continuity Policy with Leadership Signatory
  • Management System Overview containing BCMS Scope
  • BCMS health reporting via KPIs and the BC Objectives
  • BIA (Impact Analysis), Risk Assessments and Appetite for Risk
  • Incident Response Structure (complete with ticket-tracking integration)
  • The BCP Document and related DRP Documents for each site.
  • Related Training materials
  • Schedule for drills, results of drills and other action items history
  • Annual management review slides, Minutes and the Corrective Actions Register (via CAR database)

The BMCS delivers vital information which is critical to decision making at Ribbon during a trigger event. Preparedness comes from understanding our business objectives; these tools deliver answers to pertinent questions, such as:

  • What are our key services and products?
  • What are the regional and international dependencies to key activities?
  • Where can alternative sources of service be located?

Making our employees aware of our BC arrangements reduces the impact to ongoing operations if a site were to be severely impacted by an event. The demonstration of the health of our BCP to our business leaders comes from our drills and training. Annual management reviews allow Ribbon to align the resourcing required to ensure continuous improvement and the overall health of the BC Plans.

Ribbon Internal Organization

To ensure an internal communication plan remains current and effective, the organizational structure is reviewed directly after any significant internal reorganization activity and during every BC Drill.

Key Risk Assessments Sources

We take advice from credible sources such as professional organizations and industry leaders to construct the Current Risk Register. Our sources include DR Institute, FEMA, ENHESA, CPNI, UN, WHO, and WE Forum. We consider the locations of our facilities and use historical and current evidence to augment the register of risks considered.

Key Services

The key objective of the BC arrangements is to maintain, where possible, Key Services with minimal disruption. Our Key Services include:

  • Customer Support – providing technical support to our customers and their users. Patching and functionality upgrades, network management and other support activities as required.
  • 3rd Party Development and Manufacturing – R&D, Supply Chain and Order Fulfilment have regular reviews to ensure that our BC requirements are accommodated by our suppliers as detailed in our contracts with them. Supplier disruption minimization strategies are in place to limit the disruption caused when supply chains are impacted.
  • Software Development and Hardware Research – R&D at each of our key research sites has been arranged in such a way to ensure duplication of both infrastructure and expertise across multiple sites. This redundancy allows the movement of knowledge to further increase the flexibility of the Ribbon workforce.
  • Public Presencewww.rbbn.com

In conclusion, the Ribbon-operated Business Continuity Management System covers all staff and all sites, all products and all operations. It works hard to exercise the BC plans which are generated for all areas of the business. The BCMS aims to identify risks to our operations and ensures arrangements are in place to mitigate those risks. Activities are performed to enhance the robustness of the arrangements for the security of the business and to ensure continued delivery to our stakeholders in times of crisis. Measurements are taken to track improvements and allow review of BCMS Activities by the Executive Management Team.

For more information, please email bcp@rbbn.com or contact your sales representative.

Version 3.0 - Aug 2025

Resources

Statement

Ribbon Business Continuity PDF