Operational Resilience
Warren strives for a stable system with a stable production experience. We use the following KPIs and principles w.r.t. operational resilience:
- High Availability: 99% uptime SLA with redundant systems
- Automated Backup: Regular, encrypted backups with geographic distribution across EU data centers at least 10km apart
- Disaster Recovery: Comprehensive DR plan with <4 hour Recovery Time Objective (RTO) and a 15-minute Recovery Point Objective (RPO)
- Business Continuity: Documented procedures for maintaining operations during disruptions, covering both Warren BV and the pension funds we administer
Governance & Plans
Warren maintains two complementary continuity frameworks:
- Warren BV — Business Continuity & Disaster Recovery Plan: Covers Warren BV's technical infrastructure, systems, and operational recovery. Includes a named Disaster Recovery Team (DRT), activation criteria, failover procedures, and annual DR testing. Teviewed and updated at least annually, and the DR plan is tested annually with results documented for audit purposes.
- Warren OFP (IBP) — Continuïteitsbeleid: A governance-level policy approved by the Board of Directors covering the continuity of critical pension fund operations (contribution collection, benefit payments, investment management, regulatory reporting, etc.), including continuity requirements for all outsourced critical functions. Reviewed and audited every three years.
Data Backup & Recovery
To ensure the completeness and security of your data, we regularly perform backups adhering to the following principles:
- Encrypted Backups: All backups encrypted with separate key management
- Geographic Distribution: Backups stored cross-region — primary compute in AWS eu-central-1 (Frankfurt, Germany), backup storage in AWS eu-west-1 (Ireland)
- Regular Testing: At least annual backup and recovery testing procedures
- Point-in-Time Recovery: Ability to restore data to specific timestamps
Third-Party & Vendor Resilience
Continuity of outsourced critical functions is a mandatory selection criterion for all third-party providers. Vendors involved in critical activities are required to maintain and share their own continuity policies, and their resilience is periodically evaluated as part of Warren's vendor management process.