Incident Response & Business Continuity Policy

Effective Date: July 2026

1. Objective

This policy establishes the framework for detecting, responding to, and recovering from security incidents or operational disruptions, ensuring minimal impact on our cross-border e-commerce services.

2. Incident Roles & Responsibilities

  • Incident Manager (Technical Lead): Responsible for overall coordination, decision-making, and communication with external platforms (e.g., TikTok Shop/AliExpress).
  • Response Team (Engineering): Tasked with technical containment, log analysis, and restoring services.
  • Communication Liaison: Handles internal stakeholder alerts and provides status updates.

3. Business Impact & Recovery Objectives

Critical Asset Objectives:

  • RTO (Recovery Time Objective): < 4 hours for full system restoration.
  • RPO (Recovery Point Objective): < 1 hour (Data loss minimized through frequent automated backups).

Note: These targets are achievable via our decentralized server architecture (Singapore/Oracle/Volcano) and automated snapshot recovery processes.

4. Reporting & Communication Channels

In the event of a critical incident:

  1. Internal Alerts: Automated triggers via n8n push alerts to Feishu/DingTalk within minutes of detection.
  2. Platform Communication: If an incident affects API services, the Incident Manager will contact platform support via official partner channels.
  3. Post-Incident Review: All incidents require a documented report detailing the root cause and preventive measures taken.

5. Drills & Compliance

We conduct a mandatory Annual Incident Drill to test our response efficiency. The results, including lessons learned and operational improvements, are documented and retained as part of our compliance archive for inspection by platform authorities.

Business Continuity Planning Committee | Last Drill Date: May 2026