Red Hat business resilience for customer confidence

Red Hat is built on Red Hat® products. In our environment, we run Red Hat core technologies—including Red Hat Enterprise Linux®, Red Hat OpenShift®, and Red Hat Ansible® Automation Platform—in production environments. We are committed to using our products the same ways our customers do: to solve business problems and create new opportunities.

Business Resilience management

We have an established Business Resilience (BR) program consisting of business continuity, disaster recovery, and critical incident management. The program is under the sponsorship of the Chief Financial Officer, Chief Information Officer, and Executive Vice President of Products and Technologies, with executive-level advisory councils representing all business units and technologies. These cross-enterprise advisory councils regularly review business resilience policies, objectives, and progress at least once a year, as well as set the program’s overall strategic direction.

Business Resilience management policy

The underlying principle of our BR policies, standards, and guidelines is understanding the risk and impact of any disruption to critical business functions—and establishing the necessary procedures to set up, maintain, and exercise effective resumption plans for those functions, including dependent applications, technology, and suppliers. The policy establishes roles and responsibilities, scope, objectives, and a framework for recovery management, from interruptions to critical business functions.

Business continuity and disaster recovery plans

Critical business functions, processes, and technologies that support both internal and external customers have implemented business continuity and disaster recovery plans so that an interruption to our critical business functions will not significantly impact contracted service levels.

Critical incident management plans

We follow a documented critical incident management program to support a safe and secure work environment, identify and manage critical situations when they arise, and protect people, information, property, assets, and the Red Hat brand. The plans contain clearly identified team roles and responsibilities, a formal incident assessment and response team, and a process for effective crisis management team communications using an automated mass-notification system to reach associates worldwide. The site emergency response plans are reviewed at least bi-annually and are tested annually.

Pandemic and third-party response planning

Among the scenarios addressed in our functional-level business continuity plans are the widespread reduction of critical staff and loss of critical third-party service providers. The business functions responsible for critical business processes are geographically dispersed. Plans exist and are used to shift critical business services to other regions in the event of a regional disaster, including widespread illness. Business functions identify and review critical third parties annually to establish contingency plans in the event that the third party fails.

During the COVID-19 pandemic, we enacted these plans under the cross-organizational coordinated guidance of our corporate critical incident management team in support of business continuity and local site response teams across the globe. We continue to monitor and analyze changes, and we remain committed to supporting associates, customers, and partners.

Red Hat information security and privacy

At Red Hat, trust is essential to doing business. That’s why we work every day to secure customer data.