Business Continuity and Disaster Recovery
Introduction
Organisations of every size and industry rely on Phonovation's SMS platform to power critical customer engagement, authentication, healthcare messaging, and wholesale connectivity every single day. We understand that the reliability of our platform, our products, and our people is essential to helping our clients build trust with their customers, partners, and end users at scale.
We take measures to protect our customers and their services through our high-availability platform architecture, resiliency practices, and requirements embedded into our development and operational processes and by maintaining Business Continuity, Disaster Recovery, and Crisis Management programmes to mitigate risks and safeguard our people, clients, business, and products.
This document provides an overview of Phonovation's Business Continuity, Disaster Recovery, and Crisis Management programmes, including the evidence from our most recent continuity exercises conducted in January 2026.
About Phonovation
Phonovation delivers SMS communications solutions to businesses across Ireland and beyond. Our platform provides enterprise grade messaging services including two way SMS via API and SMPP, bulk messaging, healthcare and regulated messaging, and wholesale SMS connectivity. We engage deeply with our clients, helping them maintain reliable, secure, and compliant communications with their customers.
Our end-to-end platform is built with resilience as a design principle, and we maintain a strong focus on our commitments to security, data protection, and service continuity.
To learn more about Phonovation, please visit www.phonovation.com.
Business Continuity - Executive Summary
Phonovation is committed at all levels to implementing and maintaining robust arrangements that ensure continuity of service. These arrangements enable our critical teams to continue delivering key services in the event of minor or major incidents, disruptive events, and crisis situations.
Proactive behaviour is key. Threats are identified and risks are prioritised on a regular basis. Disruption to our operations can come from any type of event, from man made to natural, with or without warning. By placing a priority on Business Continuity Planning, any impact to our people, clients, and ongoing operations is minimised.
Our Business Continuity programme continues to evolve. Our information security controls are aligned to ISO 27001:2022.
This document has been validated against our most comprehensive continuity exercise to date, conducted in January 2026 with coordinated simulations across DevOps, Sales, and Finance simultaneously.
The Resilience Programmes
Phonovation's Business Continuity and Disaster Recovery programmes are committed to providing solutions and strategies that protect our top priorities: our people, our products, and our customers.
Phonovation’s Team
Our Business Continuity responsibilities are owned at senior leadership level, with named individuals holding accountability for each plan and function. Team members across DevOps, Sales, Finance, and Customer Support are trained in their continuity roles. BCP awareness training is provided to all staff, with detailed role specific training issued to those who require it.
Guiding Principles
Safeguard Our People
Our team is Phonovation's most important asset. We maintain a safe working environment and ensure our people are accounted for and supported in every continuity scenario
Protect our clients
Your operations depend on us. Protecting your services and maintaining your trust drives every resilience decision we make.
Manage risk proactively
Our programme helps identify and understand risk across the business, resulting in greater consistency and reliability of our products and services. Problems become easier to avoid — and faster to manage when they do occur.
Foster customer trust
We embed resilience practices into how we operate so we can consistently meet your requirements and commitments — whatever the circumstances.
Follow best practices
We operate under ISO 27001:2022 certification for information security.
Phonovation’s Process
Phonovation uses a top-down approach to set the scope of our resilience programmes. That means we start with the products and services we offer and work backwards to include the teams, functions, and resources that support their delivery. Our program encompasses not only the engineering teams that directly support the delivery of our platform, but also the operational functions, Sales and Finance, that enable us in less direct but equally important ways.
Communication for Our Customers
Regardless of the nature of an incident, Phonovation is listening. Please contact us at any time at servicedesk@phonovation.com or by phone on +353 (1) 284 3011.
We recognise that reliable SMS communications are often a critical dependency in our clients' own business continuity and disaster recovery planning. Our customers place their trust in us that their commitments to their customers will be met. We take that responsibility seriously.
During a trigger incident
Our response team has an objective to keep the following internal and customer-facing teams informed throughout response and recovery activities:
Customer Support: Primary point of contact for all client incident queries.DevOps and Engineering: Managing technical recovery and restoration activities.Sales and Account Management: Maintaining client relationships and managing escalations.Finance: Managing any financial continuity obligations arising from the incident.
Customer communication timeline
In the event of a service disruption, we provide communications through agreed channels, typically email and our support desk, with direct phone contact to key stakeholders where appropriate. Our structured communication timeline is as follows:
The Business Continuity Management Systems (BCMS)
Phonovation actively maintains a Business Continuity Management System (BCMS) to ensure stability of operations following a potential disruption or catastrophic event, whether a natural disaster, pandemic, cyber attack, or supply chain failure. The plans within the BCMS define objectives, dependencies, and steps to execute in order to limit the impact from the loss of a key service or function.
Our BCMS is mandated by Phonovation's senior management and is used to ensure the accuracy and effectiveness of our Continuity Plans. Each year, the following steps are executed:
Our organisation is aligned to the BCMS and plans are reviewed for accuracy.Business Impact Assessment (BIA) is performed.System health is assessed via quarterly BCP drill exercises.Drill results generate improvement actions that are tracked to completion.An annual management review is held to keep senior leaders informed of progress, resourcing requirements, and contributing responsibilities across the business.
The five major elements of our BCMS
Risk Assessment
Risk assessments are performed with senior leadership to decide which services and functions are most vulnerable. Operational, reputational, and financial risks are considered and prioritised into our Business Continuity planning cycle.
2. Business Impact Analysis (BIA)
BIAs are performed for each service and major business function. Equipment, processes, key personnel, suppliers, and IT systems are identified, rated by criticality, and assigned an estimated recovery time.
3. Business Continuity Plan (BCP)
The BCP specifies recovery procedures, team roles and responsibilities, and communication routes for each in-scope function. Plans are owned by named individuals and reviewed and approved annually.
4. Disaster Recovery Plans (DRPs)
DRPs are created for each critical service and business function, specifying detailed, step-by-step recovery activities. These underpin the customer-facing RTO and RPO commitments in this document.
5. Exercising the Plans
Plans are tested through regular simulation drills. Lessons learned are published after every exercise and tracked to completion. Results are reviewed by senior leadership at the annual management review.
The results and priorities of the BCMS process and improvement activities are reviewed regularly by senior management, ensuring continuous alignment of resourcing and objectives to our continuity goals.
Business Continuity
Business Continuity is the capability of the business to continue the delivery of products and services at acceptable, predefined levels following a disruption. Phonovation's business continuity programme follows an annual programme cadence of core activities ranging from business impact analysis, plan development and updates, and testing exercises.
Business impact analysis
Phonovation performs an annual Business Impact Analysis (BIA) to understand business requirements, set recovery objectives, and identify gaps and areas of vulnerability. The requirements and objectives established during the BIA inform our strategy analysis and planning processes. Risks identified during the BIA are included in our risk management processes. BIAs are reviewed, updated, and approved annually by leadership or when significant organisational changes occur.
Strategy analysis
Following the BIA, we work with business unit leadership and functional owners to identify current-state strategies for recovery should a disruptive event occur. We use a resource-based planning approach, documenting realistic, current-state strategy in the event of a loss of a key resource, such as an application, technology system, personnel, or third-party service.
Business continuity planning
With strategies defined, Business Continuity Plans (BCPs) are maintained to specify how teams will respond and recover during a disruptive event. BCPs are in place for each in-scope team, and those teams have ownership of their plans, validating that content is usable, actionable, and accurate. Plans are reviewed, updated, and approved annually by leadership or when significant changes occur.
Third-party assurance
Phonovation evaluates the business continuity capabilities of key vendors and third-party SaaS providers as part of our procurement process and annual review cycle. This includes our CRM provider, ERP and accounting platform, and critical infrastructure partners.
Business continuity scope
Our business continuity programme covers all functions that directly or indirectly supports the delivery of customer-facing services. This includes:
Customer-facing messaging servicesOperational dependencies: Sales (CRM), Finance (ERP/Accounting), and DevOps infrastructure.Customer communications during incidents: notification, status updates, and resolution processes.Data protection and regulatory compliance obligations in recovery: GDPR, healthcare, and financial services messaging.Network infrastructure and cybersecurity, including data privacy and backup procedures.
Disaster Recovery
Disaster Recovery is the ability of Phonovation's information and communications technology to support critical business functions to an acceptable level within a predetermined time following a disruption. This is achieved through a framework built on policy, service readiness, infrastructure resilience, incident command, and compliance requirements.
Infrastructure resilience
Our infrastructure is designed and operated with resilience as a core principle. We use specialised monitoring tools to track server performance, data, and traffic load across our environment. If suboptimal performance or capacity overload is detected, these tools will automatically increase capacity or shift traffic to restore normal operation, with immediate alerting to our engineering team for prompt action.
This architecture allows for failover of critical components from primary to backup. Should automatic failover not occur, our incident command process is invoked to manage recovery manually, with escalation to Crisis Management as required.
Data backup and recovery
Phonovation performs daily full backups of customer data across all customer-facing services. Database restore time is the dominant constraint in core service recovery, an insight validated by our January 2026 DevOps exercise, and we are actively working to reduce this through automation and improved processes.
Customer-facing service recovery approach
Recovery for customer-facing services follows a structured restore-and-validate model:
Identify the scope and prioritise service restoration order based on business criticality.Provision or re-provision required compute and supporting infrastructure components.Restore databases from the most recent validated backup.Deploy application components using controlled, documented deployment processes.Validate service functionality, performance, and data integrity before stand-down.Communicate restoration milestones and resolution confirmation to all affected customers.
Recovery Objectives (RTO / RPO)
Phonovation's Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) are set based on the possible impacts of a disruption, enabling us to protect client-facing service levels. The table below presents our target objectives alongside observed evidence from our January 2026 continuity exercises.
Testing
Plans are tested as part of the annual programme lifecycle via live simulations. Test scenarios are based on the most likely and highest-impact threats to the business, as identified through our risk management process, and vary in complexity relative to the objectives of each exercise, for example, a core services outage, CRM failure, or people loss scenario.
Lessons learned and improvement actions are identified and documented as part of every exercise, reported to senior leadership, and tracked to completion.
January 2026 - multi-department live exercise
Our most comprehensive exercise to date was conducted in January 2026, running coordinated simulations across DevOps, Sales, and Finance simultaneously. This provided a 360° view of the operational resilience underpinning our client services.
Results and improvement actions from each exercise are reviewed at the annual management review and reflected in updated plans and procedures for the following year.
Crisis Management
The mission of Crisis Management at Phonovation is to prepare for and lead our response to enterprise-level incidents, while preserving the wellbeing of our people, the integrity of our business operations, and the trust of our clients and the public.
We define a crisis as a unique set of circumstances that disrupts normal business operations and requires swift, coordinated, or senior decision-making authority to mitigate significant or imminent risk to the business. A crisis event may affect our people, technology, reputation, operations, or financial position.
Crisis management plan
A Crisis Management Plan is in place to govern our response to enterprise-level incidents. The plan defines the assembly of a core response team comprising senior leaders from relevant functions, and specifies procedures for decision-making, communications, and stakeholder management throughout a crisis event.
Criteria
Phonovation has established criteria, triggers and thresholds, across the business for managing incidents and escalations. These criteria are based on the impact to our platform, products, customers, and people. They inform the processes for activating plans, assembling recovery teams, and making critical decisions at speed.
Service monitoring during incidents
Business hours (Monday–Friday, 09:00–17:30): active recovery tracking with RTO progress measured against committed timeframes. Escalation procedures activate if targets are at risk.Out of hours: automated 24/7 monitoring with immediate alerting to on-call engineers for any service degradation or failure, with defined escalation to senior technical leadership.Planned maintenance: advance notification provided for any maintenance affecting service availability; activities are scheduled out-of-hours where possible.
Business Continuity, Disaster Recovery, and Crisis Management are integral programmes at Phonovation in maintaining the standard of service our clients have come to expect. As we continue to develop our platform and expand our services, resilience is a continuous effort, and our investment in these programmes reflects our commitment to safeguarding our people, clients, their data, and the products and services we provide.
Questions about our RTO / RPO commitments?
Contact us directly at +353 (1) 284 3011 or email servicedesk@phonovation.com if you have any questions about our RTO / RPO commitments.
Validity and Document Management
This document is valid as of 23rd of February 2026. It will be reviewed annually by the Data Protection Officer and updated as necessary after each annual testing.