Shedthemusic Business Continuity Plan

1. Purpose & Scope
This Business Continuity Plan describes how Shedthemusic continues critical services during a disruption. It is independent of our SaaS vendors (Squarespace for website hosting/CMS and MemberSpace for membership access) and covers:

• Loss of access to hosted systems (website, membership)

• Staff unavailability or movement

• Offline backups and restoration

• Alternative delivery of curriculum and communications

• Preservation of key records

We do not collect student PII. Students access resources via a shared, generic school username managed by the school. Our plan focuses on continuity for educator access, curriculum delivery, membership validation, and communications.

2. Roles & Responsibilities

• Incident Lead (Primary): Bob Habersat, CTO — coordinates response, restoration, and communications.

• Continuity Lead (Secondary): Kris Habersat — member management, educator communications, fulfilment, backup verification.

• Succession: If Bob is unavailable, Kris assumes Incident Lead. If both are unavailable, the pre-authorized backup contact is documented in the private emergency contacts list stored with the offline backup kit.

3. Critical Services & Recovery Targets

• Educator access to curriculum and resources — RTO: 24 hours; RPO: 24 hours

• Public website availability — RTO: 72 hours; RPO: 24 hours (content can be served via temporary landing page)

• Membership validation (educator accounts) — RTO: 24 hours; RPO: 24 hours

• Order processing and invoicing — RTO: 72 hours; AU/NZ via MusicEdNet unaffected except for shared comms

• Support communications (email) — RTO: 4 hours; RPO: 0–24 hours

4. Backup Strategies (Independent of SaaS)

4.1 Content & Curriculum

• Primary: Source files stored in cloud drive with version history (Google Drive/equivalent).

4.2 Website & Membership Configuration

• Website (Squarespace): Monthly export (XML where supported) + separate export of static assets (images, downloads). Stored in cloud drive and included in weekly offline snapshot.

• Membership (MemberSpace): Weekly CSV export of educator/member roster and access rules. Stored in cloud drive and included in weekly offline snapshot.

4.3 Key Records

• Current license keys, shared school usernames, and emergency contact list kept in an encrypted password vault and printed sealed copy in the offline kit (updated quarterly).

5. Restoration Strategies (DR)

5.1 SaaS Partial/Full Outage (Squarespace/MemberSpace)

• Provide curriculum access via temporary secure links (cloud drive) sent to verified educator email lists.

• Validate membership using latest weekly roster export; if needed, issue time-limited access links.

5.2 Device/Workstation Failure

• Use spare laptop or loaner device. Access cloud drive and password vault; retrieve offline snapshot from external SSD if needed.

5.3 Staff Unavailability

• The available Habersat assumes both roles. Emergency “how-to” checklist stored with offline kit covers: issuing generic school credentials, posting updates, and sharing curriculum links.

6. Preservation Strategies

• Preserve membership roster exports for 12 months to support audit and continuity checks.

• Keep an immutable copy of incident reports and continuity test records in cloud drive and the offline kit.

7. Alternative Operations if Website Is Down

• Email advisory to educator accounts with temporary access instructions.

• Post status/update message: MemberSpace/Squarespace vendor status pages are monitored automatically; Shedthemusic status message is posted on the temporary landing page.

• AU/NZ purchasing and invoicing continue via MusicEdNet; US/other regions can be served via direct invoice while storefront is down.

• Support continues via email and, if necessary, a forwarding mobile number.

8. Communications Plan

• Internal: SMS/phone followed by email between Bob and Kris at incident onset.

• External: Email notice to educators; banner on temporary landing page; FAQ link with ETA and contact.

• Stakeholders: Reseller (MusicEdNet for AU/NZ) notified if any disruption impacts fulfilment.

9. Testing & Review

• Tabletop continuity test: twice per year (failover to temporary landing page, membership validation from export, recovery from offline snapshot). Results logged and actioned.

• Backup restore test: at least annually for curriculum and monthly website export.

• Plan Review: Quarterly review or after any major incident or vendor/platform change.

10. Dependencies & Assumptions

• Squarespace and MemberSpace SLA/uptime as published by the vendors.

• Email availability via our mail provider; offline kit contains alternate credentials if needed.

• Cloud drive provider availability; offline SSD serves as fall-back.

• Student access requires no student PII; schools administer generic shared usernames.

11. Contact Details

• Incident Lead: Bob Habersat — bob@shedthemusic.net

• Continuity Lead: Kris Habersat — kris@shed