Red Hat business resilience for customer confidence
Red Hat maintains a comprehensive business resilience program consisting of business continuity, disaster recovery, and critical incident management plans across business functions, sites, and technologies. We have designed our systems and support processes to keep both Red Hat running and our customers and partners supported, secure, and stable when using our products and solutions.
Red Hat is built on Red Hat® products. In our environment, we run Red Hat core technologies—including Red Hat Enterprise Linux®, Red Hat OpenShift®, and Red Hat Ansible® Automation Platform—in production environments. We are committed to using our products the same ways our customers do: to solve business problems and create new opportunities.
Business Resilience management
We have an established Business Resilience (BR) program consisting of business continuity, disaster recovery, and critical incident management. The program is under the sponsorship of the Chief Financial Officer, Chief Information Officer, and Executive Vice President of Products and Technologies, with executive-level advisory councils representing all business units and technologies. These cross-enterprise advisory councils regularly review business resilience policies, objectives, and progress at least once a year, as well as set the program’s overall strategic direction.
The BR program is supported by full-time, dedicated, certified staff in business continuity, disaster recovery, and critical incident management. It includes provisions stated in our policy for business impact analysis, risk assessment, and the creation of response plans. The program also includes regular training, maintenance, testing, and exercises, as well as updates from lessons learned and management reviews.
Business Resilience management policy
The underlying principle of our BR policies, standards, and guidelines is understanding the risk and impact of any disruption to critical business functions—and establishing the necessary procedures to set up, maintain, and exercise effective resumption plans for those functions, including dependent applications, technology, and suppliers. The policy establishes roles and responsibilities, scope, objectives, and a framework for recovery management, from interruptions to critical business functions.
Business continuity and disaster recovery plans
Critical business functions, processes, and technologies that support both internal and external customers have implemented business continuity and disaster recovery plans so that an interruption to our critical business functions will not significantly impact contracted service levels.
Plans are regularly tested and maintained both after use and when significant changes are made to business processes, managed sites, or technologies. Plan testing—both scheduled and in response to disruptive events—has successfully demonstrated the effectiveness of the plans and the ability to transfer critical business processes and services to unaffected regions, with little to no impact on customers.
Critical incident management plans
We follow a documented critical incident management program to support a safe and secure work environment, identify and manage critical situations when they arise, and protect people, information, property, assets, and the Red Hat brand. The plans contain clearly identified team roles and responsibilities, a formal incident assessment and response team, and a process for effective crisis management team communications using an automated mass-notification system to reach associates worldwide. The site emergency response plans are reviewed at least bi-annually and are tested annually.
Pandemic and third-party response planning
Among the scenarios addressed in our functional-level business continuity plans are the widespread reduction of critical staff and loss of critical third-party service providers. The business functions responsible for critical business processes are geographically dispersed. Plans exist and are used to shift critical business services to other regions in the event of a regional disaster, including widespread illness. Business functions identify and review critical third parties annually to establish contingency plans in the event that the third party fails.
During the COVID-19 pandemic, we enacted these plans under the cross-organizational coordinated guidance of our corporate critical incident management team in support of business continuity and local site response teams across the globe. We continue to monitor and analyze changes, and we remain committed to supporting associates, customers, and partners.
Red Hat information security and privacy
At Red Hat, trust is essential to doing business. That’s why we work every day to secure customer data.
Request for proposal (RFP) rapid response
We have a dedicated team to work with our global sales organization and partner ecosystem for any request for proposal responses. Rest assured that each request or project will be managed by a dedicated account person with team support from across Red Hat and, if necessary, IBM. We welcome your questions and requirements.