Business Continuity and Disaster Recovery Policy

Company: Tyrogen Limited (16884876)
Owner: Operations / Technology
Approved by: Governing Body (or delegated authority per Delegation of Authority)
Status: Draft (controlled policy)
Version: 0.2
Last updated: 2026-04-04
Next review: 2026-04-30

1) Purpose

This policy defines Tyrogen’s continuity and disaster-recovery framework for protecting critical services, controlled records, learner interests, assessment activity, and evidence availability during disruption.

Tyrogen’s arrangements ensure that continuity and recovery are governed as controlled operational and compliance capabilities rather than as ad hoc response activity. This policy therefore states the continuity framework Tyrogen relies on across its current operating model and any future regulated awarding activity activated through formal readiness and go-live controls.

1.1 Policy role and ownership

This file is the canonical owner of Tyrogen’s continuity and disaster-recovery policy framework. It owns the policy position for:

• continuity principles and learner-protection priorities
• the scope of services, records, systems, suppliers, and operational dependencies in continuity scope
• critical-service identification expectations
• recovery-objective expectations and fallback requirements
• minimum continuity-control measures
• continuity-testing expectations
• continuity evidence categories and retained record expectations
• linkage between continuity, incident response, governance escalation, and regulator contact.

This file does not own the detailed workflow for neighbouring control areas. Those remain owned in their true source files:

• incident triage, containment, eradication, recovery, and closure workflow: Incident Response Playbook
• governance-significant incident escalation and related suitability/change handling: Governance Change, Suitability & Incident Management
• Ofqual notification and formal liaison workflow: Ofqual Regulator Liaison, Notifications & Undertakings
• security-control framework and information-protection baseline: Information Security Policy
• DR and continuity test evidence template: DR Test Record.

Tyrogen’s continuity-governance model is therefore structured so that this policy owns the framework, linked procedures own the workflows, and live records own the operating evidence.

1.2 Ofqual and control alignment

This policy supports compliance with requirements and expectations including:

• Criterion C.1(a) — systems, processes, and resources
• A5 — adequate resources and arrangements
• A6 — risk identification and contingency planning
• A7 — incident management
• H6 — timely and accurate issue of results and controlled disruption handling
• PR1 — protecting learners and public confidence.

2) Scope

This policy applies to continuity and recovery arrangements for services and resources including:

• platform availability and core infrastructure
• learner access and account services
• assessment delivery and controlled access to assessment materials
• results, certification, and related operational support processes
• access to key records, audit evidence, and controlled documentation
• critical suppliers and outsourced support services
• communications needed for learners, centres, users, governance, and regulators during disruption.

The scope covers Tyrogen’s remote-first operating model, digital service dependencies, evidence-retention obligations, and any paper-based or numbered materials where disruption could affect continuity, fairness, or regulatory scrutiny.

3) Continuity principles

Tyrogen manages continuity and disaster recovery in a way that is:

• Learner-protective: prioritising impacts on learners, assessments, results, certificates, and records
• Risk-based: focusing effort on the most important services, dependencies, and credible disruption scenarios
• Practical and documented: arrangements are written, accessible, and usable in disruption
• Tested: recovery arrangements are exercised and evidenced
• Coordinated: continuity actions connect to incident response, governance escalation, and regulatory contact routes
• Reviewable: lessons learned are fed back into resilience improvements.

These principles are intended to show that Tyrogen’s continuity model is learner-protective and operationally usable: critical services, records, assessment activity, and communications are prioritised in disruption, recovery action is documented and tested, and continuity decisions are linked to wider governance and incident routes rather than handled informally.

4) Governance and continuity framework

4.1 Governance expectations

Tyrogen has a governed continuity-control model in which:

• the Operations / Technology owner maintains the continuity framework and coordinates continuity capability across systems and services
• the Governing Body retains oversight of material resilience arrangements, continuity dependencies, and major continuity decisions
• the Responsible Officer is engaged where disruption creates regulatory consequences, possible Adverse Effect, or notification requirements
• relevant operational, assessment, compliance, security, finance, and DPO-function roles support continuity activity where the disruption overlaps their domains.

Material continuity risks, major incidents, unresolved resilience weaknesses, and significant test outcomes must be capable of escalation into Tyrogen’s wider governance, risk, and decision-record framework.

4.2 Continuity framework

Tyrogen maintains proportionate continuity and recovery arrangements that cover:

• identification of critical services and dependencies
• prioritisation of recovery actions
• backup and restoration arrangements
• fallback workarounds where automated services are unavailable or degraded
• communications with affected stakeholders
• escalation, decision-making, and recordkeeping.

4.3 Critical service identification

At minimum, Tyrogen identifies whether disruption affects:

• live or scheduled assessments
• learner-facing platform access
• confidential assessment materials
• results processing or release activity
• certification support activity
• regulatory communications or evidence production
• core records required for continuity, audit, investigation, or learner protection.

4.4 Recovery objectives and fallback arrangements

For material services, Tyrogen defines and keeps under review proportionate recovery expectations, including:

• target recovery time objectives (RTO)
• target recovery point objectives (RPO) where data recovery is relevant
• fallback arrangements where full restoration is not immediate
• controlled deferral, rescheduling, or alternative operating steps where these are required to protect fairness, accuracy, or learner interests.

Taken together, the continuity framework is intended to show that Tyrogen identifies which services matter most in disruption, prioritises recovery of learner, assessment, results, and evidence-critical activity, and maintains recovery objectives and fallback arrangements that can support fair and orderly continuation or controlled deferral of services.

5) Minimum continuity-control measures

Tyrogen has the following minimum continuity-control requirements:

• backup arrangements for critical systems and records
• restoration procedures or runbooks for priority services
• role clarity for incident coordination and recovery decisions
• access to key contact details and escalation routes
• dependency visibility for critical suppliers or service providers
• communications planning for learners, centres, users, governance, and regulators where required
• retained evidence of tests, incidents, outcomes, and improvement actions.

These minimum measures are the routine continuity baseline for regulated-readiness purposes: Tyrogen’s arrangements ensure that restoration routes, fallback decisions, communications, and evidence capture are defined before disruption occurs rather than reconstructed afterwards.

5.1 Testing cadence

Tyrogen performs disaster-recovery and/or continuity tests at least quarterly where proportionate, and records them in DR Test Record or an equivalent controlled record.

Test scope may vary by system maturity, change profile, and risk, but each test must produce an auditable record of its objective, method, outcome, issues identified, and required actions.

5.2 Incident linkage

When disruption occurs, Tyrogen follows linked procedures including:

• Incident Response Playbook for triage, containment, coordination, and recovery linkage
• Governance Change, Suitability & Incident Management for governance escalation where relevant
• Ofqual Regulator Liaison, Notifications & Undertakings where notification or regulator contact may be required.

Continuity testing and live disruption handling are therefore part of the retained evidence route: Tyrogen records tests, incidents, outcomes, and corrective actions so it can show both that recovery arrangements exist and that they have been exercised, reviewed, and improved.

6) Learner protection priorities

When prioritising continuity and recovery activity, Tyrogen focuses on:

• preserving the integrity and availability of learner and assessment records
• maintaining fair treatment for learners affected by disruption
• minimising avoidable delay to assessment, results, or certification services
• providing clear and timely communication where disruption affects delivery, access, or decisions
• identifying whether mitigation, deferral, rescheduling, correction, or other protective action is required.

7) Roles and responsibilities

• Operations / Technology owner: maintains the continuity framework and coordinates technical recovery arrangements.
• Governing Body / delegated authority: oversees resilience arrangements, material continuity risks, and major decisions.
• Responsible Officer / Compliance route: considers regulatory consequences, evidence obligations, and notification requirements where relevant.
• Security / Technology function: supports restoration, evidence preservation, and linked security-control activity.
• All relevant staff and contractors: follow escalation and recovery instructions, preserve records, and support continuity activity within their role.

8) Records and evidence

Tyrogen retains or requires, as applicable, evidence showing that continuity capability is operating in practice.

8.1 Minimum evidence categories

Minimum records/evidence include:

• business continuity and disaster-recovery plans or supporting runbooks
• critical-service, dependency, and recovery-objective notes
• DR and continuity test records
• incident records and post-incident reviews
• corrective and preventive actions arising from tests or live incidents
• governance or decision-log entries where disruption is materially escalated.

The retained record set is intended to evidence continuity capability in practice, including the critical-service analysis, recovery assumptions, test activity, incident handling, and improvement actions needed to support learner protection and regulatory scrutiny.

8.2 Record-ownership boundary

This policy owns the requirement to define, maintain, test, and evidence continuity capability. It does not replace the live evidence records themselves, which remain owned in the relevant templates, registers, logs, minutes, and incident files.

9) Review, exceptions, and control maintenance

This policy is reviewed at least annually and earlier where material change arises, including:

• major system, infrastructure, or supplier change
• material incident or recurring resilience weakness
• regulated go-live readiness change
• significant legal, regulatory, or governance change affecting continuity expectations.

Any material exception, compensating control, or temporary departure from this policy must be explicitly owned, time-bounded where appropriate, and capable of review through Tyrogen’s governance and risk routes.

10) Related documents

• Incident Response Playbook
• Governance Change, Suitability & Incident Management
• Ofqual Regulator Liaison, Notifications & Undertakings
• Information Security Policy
• DR Test Record
• Decision Log

11) Change log