Effective Date: July 2026
1. Objective
This policy establishes the framework for detecting, responding to, and recovering from security incidents or operational disruptions, ensuring minimal impact on our cross-border e-commerce services.
2. Incident Roles & Responsibilities
- Incident Manager (Technical Lead): Responsible for overall coordination, decision-making, and communication with external platforms (e.g., TikTok Shop/AliExpress).
- Response Team (Engineering): Tasked with technical containment, log analysis, and restoring services.
- Communication Liaison: Handles internal stakeholder alerts and provides status updates.
3. Business Impact & Recovery Objectives
Critical Asset Objectives:
- RTO (Recovery Time Objective): < 4 hours for full system restoration.
- RPO (Recovery Point Objective): < 1 hour (Data loss minimized through frequent automated backups).
Note: These targets are achievable via our decentralized server architecture (Singapore/Oracle/Volcano) and automated snapshot recovery processes.
4. Reporting & Communication Channels
In the event of a critical incident:
- Internal Alerts: Automated triggers via
n8npush alerts to Feishu/DingTalk within minutes of detection. - Platform Communication: If an incident affects API services, the Incident Manager will contact platform support via official partner channels.
- Post-Incident Review: All incidents require a documented report detailing the root cause and preventive measures taken.
5. Drills & Compliance
We conduct a mandatory Annual Incident Drill to test our response efficiency. The results, including lessons learned and operational improvements, are documented and retained as part of our compliance archive for inspection by platform authorities.
Business Continuity Planning Committee | Last Drill Date: May 2026