Objective

This document is written to communicate Ribbon’s Business Continuity Policy BC-CP-01 (formerly 990-77001), to ensure that all business activities can be kept at normal or near-normal performance following an incident that has the potential to cause a major disruption to critical business activities.  For example, Extreme Weather Events, Cyber Attacks, Infrastructure Outage, Loss of Power, Loss of a Facility or Premises.

Scope

This document applies to all of Ribbon Communications Inc. 
To obtain the latest version of this or any other policy, visit the Ribbon Documentation tool @ https://ribbon.logicgate.com.

Specifically see: https://ribbon.logicgate.com/records/J1RuF3Se

Required Approvals

This document requires the approval from the VP Global Real Estate and Facilities. 

Review Period

The Policy Owner will ensure a review of this policy is conducted every two (2) years at a minimum, or when significant business policy changes occur, to ensure the information contained herein is current and applicable.

POLICY LEADERSHIP

The VP Global Real Estate and Facilities is designated as the Management Team Liaison responsible for this program and management system.  Resolution of issues in the development of, or support of, all plans and associated activities should first be coordinated with the Business Continuity Team (BC Team), and appropriate internal or external organizations before submitting to the Management Team Liaison.  

VERIFICATION OF POLICY CONFORMANCE

BC Policy conformance verification is managed through the BCMS by the BC Team with support from other relevant internal departments.  Each internal organization must define appropriate procedures, staffing, tools and workplace planning activities necessary to meet compliance requirements. Plan templates have been developed to facilitate the plan development process, and these templates shall be used where appropriate. 
Conformance to the policy is verified annually and is facilitated by the BC Team. 

CORRECTIVE ACTION PLAN

In situations where an internal organization does not conform to this policy, the BC Team will prepare a report stating the case for non-compliance and present it to the Management Team Liaison for mediation and resolution using the CAR database to track all corrective actions.

Policy

Ribbon Communications prioritizes the availability and rapid recovery of vital business functions during disruptions caused by internal or external factors. Ribbon recognizes the importance of the health and safety of its employees as well as the production and delivery of goods and services for customers and other stakeholders. We emphasize proactive threat management to minimize impacts on operations, clients, stakeholders, and reputation.

Ribbon Communications uses a Business Continuity Management System (BCMS) certified to ISO 22301:2019 which ensures regular maintenance of the Corporate Business Continuity Plan (BCP) and Site Specific and Organizational Disaster Recovery Plans (DRPs). The BCMS specifies the details of the annual leadership review and records the Strategies and Solutions to be employed during a BC event.

Objectives of the BCMS

  • Identify and assess risks to Ribbon operations, reduce the recovery times and improve resilience.
  • Maintain a comprehensive Business Continuity Plan (BCP) and set of Disaster Recovery Plans (DRPs) for structured responses.
  • Define roles for BCMS implementation, testing, and upkeep.

Plan Development and Maintenance (BCP and DRPs)

  • Identify critical functions, processes, suppliers, resources, and dependencies through Business Impact Analysis (BIA).
  • Thoroughly review risks to identify threats and vulnerabilities on and off site.
  • Develop detailed response and recovery plans for critical functions identified in the BIA.
  • Regularly update BCP and DRPs to match organizational requirements and risk landscape.

BCP Testing and Exercises

  • Regularly validate BCP effectiveness through tests and simulation exercises.
  • Analyze testing results (and results from events) for improvements including readiness of IT services and utilities.

Communications

  • Set clear channels for information sharing and protection during disruptions.
  • Keep stakeholders promptly informed during incidents.

Compliance, Improvement and Review

  • Monitor Business Continuity compliance in relation to regional laws and corporate contracts.
  • Continuously enhance BCMS and the Plans based on lessons, best practices, and environment changes.
  • Annual review of this policy and documents of the BCMS to ensure relevance and effectiveness in supporting business continuity goals.

Each Organization within Ribbon is responsible for preparing content for their DRPs specific to their processes

Implementation

This Policy shall be implemented through the application of Ribbon Management Systems to drive continual improvement and forms the bedrock of the BCMS.