Skip to main content
BehaviourWellbeingInsightsCommunity
Our StoryBlogFAQContact
ten points
Pricing
Book a callLog in
BehaviourWellbeingInsightsCommunity
Our StoryPricingBlogFAQ
Book a callLog in

Trust Centre

Business Continuity Plan

Last updated: May 21, 2025

← Trust Centre

Version: 1.0Effective Date: 01 Oct 2025Approved By: Board of DirectorsNext Review Date: 01 Oct 2026

1. Introduction

This Business Continuity Plan (BCP) defines how Ten Points Education Limited (“Ten Points”) will respond to, manage, and recover from disruptive incidents. Its purpose is to minimise downtime, maintain critical services for schools, and ensure compliance with legal and contractual requirements.

The BCP is activated when normal operations are disrupted beyond acceptable limits, particularly where Recovery Time Objectives (RTOs) or Recovery Point Objectives (RPOs) are at risk.

2. Scope

This plan applies to:

  1. all critical business functions and systems operated by Ten Points;
  2. incidents affecting technology, people, or critical suppliers; and
  3. all employees and contractors supporting Ten Points operations.

3. Recovery Objectives

  • Recovery Time Objective (RTO): 4 hours for SaaS platform availability.
  • Recovery Point Objective (RPO): 24 hours for data recovery.

4. Critical Business Functions

FunctionDescriptionPriorityRTORPO
SaaS Platform AvailabilityTen Points web & mobile accessHigh4 hrs24 hrs
Database IntegrityAzure SQL data consistencyHigh4 hrs24 hrs
Customer CommunicationStatus page + email to schoolsHigh2 hrs0
Analytics & ReportingDashboards, BI exportsMedium24 hrs24 hrs
Internal OperationsStaff collaboration (email, docs)Medium24 hrs24 hrs

5. Critical Suppliers (Tiered)

  • Tier 1 (Mission-Critical): Cloudflare (via Bubble) – DNS/CDN/DDoS; Bubble.io – application hosting.
  • Tier 2 (High Importance): Microsoft Azure – SQL, Functions, Service Bus, Storage.
  • Tier 3 (Supporting): Wonde – MIS sync (account manager escalation available); Cloudinary – image/media hosting.

6. Risk Scenarios

  1. Cloudflare or Bubble outage.
  2. Azure outage or SQL corruption.
  3. Cybersecurity incident (data breach, ransomware, DDoS).
  4. Loss of critical staff.
  5. Wonde unavailability.
  6. Data corruption or accidental deletion.
  7. Regional disruption or natural disaster.

7. Roles & Responsibilities

  • Incident Commander – declares incidents, activates plan, coordinates recovery.
  • Technical Lead – manages IT restoration, liaises with Azure/Bubble support.
  • Comms Lead – updates schools via email, maintains status page, escalates to regulators if required.
  • Deputies – provide cover if primary roles are unavailable.

8. Response Procedures

  1. Incident detected and reported.
  2. Incident Commander assesses severity and activates BCP if RTO/RPO at risk.
  3. Technical Lead restores critical services, using SQL point-in-time restore where required.
  4. Comms Lead updates status page and emails schools as needed.
  5. Regulators notified within legal timeframes (e.g. ICO within 72h for data breach).
  6. Incident log maintained throughout response.

9. Workarounds

Schools are encouraged to maintain their own contingency measures for service downtime (e.g., paper or spreadsheet-based tracking). Data can be re-entered once Ten Points service is restored.

10. Disaster Recovery Procedures

  • Platform Outage: Monitor Bubble & Cloudflare status; inform schools; restore service within 4h.
  • Database Corruption: Perform SQL point-in-time restore; verify integrity.
  • Cybersecurity Incident: Isolate systems, revoke credentials, restore from clean backups.
  • Supplier Failure: Contact account managers (Wonde) or monitor vendor status (Cloudflare, Azure).
  • Staff Loss: Deputies step in; priority functions reassigned.

11. Communication Plan

  • Internal: Slack/Teams, email, SMS fallback.
  • Schools: Status page + email alerts.
  • Regulators: ICO or others notified within legal deadlines.
  • Suppliers: Wonde account manager; Bubble/Microsoft via public channels.

12. Testing & Maintenance

  1. Tabletop test twice per year.
  2. Technical recovery test (SQL restore) at least annually.
  3. Lessons learned logged and plan updated.
  4. Annual Board approval required.

Contact

Business Continuity Manager / Information Security Officer
Ten Points Education Limited
Email: [email protected]

  • Home
  • Behaviour
  • Wellbeing
  • Insights
  • Community
  • Our Story
  • Blog
  • FAQ
  • Pricing
  • Contact
Get started
ten points
Trust CentreAgreement

© 2026 Ten Points Education Ltd