First, we don’t ever intend to discontinue MerusCase. Our company has been alive and well since 2008 and we don’t expect that to change. However, in the event that an unexpected disaster does occur, Merus, Inc. has a comprehensive business continuity plan to ensure long-term business success and provide a peace of mind to our clients.
Our plan starts with a comprehensive risk analysis, which is core to planning for disaster recovery and business continuity for any organization. The risk analysis identifies potential threats, risks, vulnerabilities, impacts, and outline the criticality of the business processes. The outcome of this analysis has helped us to determine the needs and requirements to sustain the business in the event of a major outage, natural disaster or the president of a company getting run over by a bus. However, no business continuity plan is of any use if it cannot withstand testing on an ongoing basis.
In late 2013, we were audited by one of our clients to make sure we were HIPAA-compliant as well as to obtain assurances that their data would be secure and retrievable should some event occur rendering MerusCase extinct. We provided them with a copy of the MerusCase End of Life Mitigation Plan, which was written for relative laypersons without specific subject matter expertise in the field of software engineering to restore services provided by MerusCase software package.
The beauty of our business continuity plan is that it also serves as a blueprint for MerusCase users to conduct a run-through scenario and test out the plan on their own should a real event take place. Thus, not only were we able to demonstrate our policies and procedures for maintaining continuous business operations and disaster readiness and preparedness, we made sure that the plan allows for our MerusCase users to get the key to the castle and gain access to their data.