WHO WE ARE
About US Our Team Research System Approaches to Achieving Alpha Security System Contact us
TRADE WITH US
Insights & Education
Cash
Automated Investing
Download
Enterprise Resilience
Our Commitment to Providing High-Quality, Resilient Services

VoidMetrix is committed to providing high-quality, resilient services to its clients. Significant resources and effort are dedicated to the Business Continuity Management (BCM) and technology Disaster Recovery (DR) programs designed to meet or exceed legal and regulatory obligations in the locations we operate.

VoidMetrix maintains business continuity (BC) plans to facilitate the continuity of business in the event of a business disruption. VoidMetrix’s executive management provides oversight and governance to the firm’s BCM program, supported by the Business Continuity Management team, which manages the program.

VoidMetrix maintains disaster recovery (DR) plans and procedures to enable a rapid response to an event impacting its technology and data. Redundancy is the focal point of VoidMetrix’s Disaster Recovery program. Each data center is served by physically diverse circuits, secondary networks, and alternate power sources. Primary and secondary data centers are appropriately distanced, mitigating the impact of a regional event. Applications are maintained in both the primary and secondary data centers while data is replicated in near real-time. VoidMetrix’s DR Program relies on the Technology Risk Management team to provide oversight and governance.

Both programs are routinely examined by VoidMetrix’s internal audit team and external regulators. The results of these reviews and metrics are reported to the appropriate governance bodies, as required.

The programs have several key elements, including:

Risk Assessment & Monitoring: VoidMetrix performs annual Site Risk Assessments for offices worldwide. The results of the assessment drive risk mitigation activities, including enhanced site resilience, business continuity planning, and additional recovery strategies. A comprehensive weekly Risk Outlook is created to identify potential threats to VoidMetrix staff and offices worldwide. Threats are reviewed, escalated, and managed by senior-level staff, and disseminated broadly for awareness and action as appropriate.

BC/DR Planning: BC/DR planning at VoidMetrix focuses on three main areas:

1. Business Continuity Plans: VoidMetrix maintains Business Continuity Plans (BCPs) for business functions at each office globally. Key components include:

 Business Impact Analysis (BIA): Assesses financial and non-financial impacts of losing a critical process. Each department reviews and updates information for every critical process annually, driving planning and recovery strategies.

 Business Recovery Plans: Procedures to recover critical processes and ensure continuity of operations during business disruptions. These include recovery strategies for personnel, data, communications, information processing, and facilities. Recovery strategies are validated through annual exercises.

2. Disaster Recovery Plans: DRPs incorporate fail-over strategies and are designed to recover from disruptive events affecting data centers or single servers. Key elements include:

 Communication Plan: Details how personnel will be engaged and the frequency and method of communication during an event.

 Incident Management Plan: Includes information for establishing and maintaining an incident response team, management team responsibilities, and a decision-making and escalation methodology.

 Recovery Plans: Include requirements, configuration, and execution procedures for failing over each application to a secondary data center.

3. Pandemic and Emerging Health Concerns: BCPs identify potential risks related to staff absenteeism from pandemics or other health concerns. Managed by VoidMetrix’s Health & Safety team, this global program is implemented at local/regional levels and addresses supplies, cleaning, social distancing strategies, and crisis management response triggers.

Crisis Management

VoidMetrix's Crisis Management program provides a global framework for responding to disruptive events, encompassing the following elements:

• Crisis Management Call Lists: Including key global and regional business heads.

• Command and Control Structure: Identifying primary and alternate team members to cover key roles.

• Automated Crisis Notification System: Capable of broadcasting messages to designated staff in the event of a crisis. Notifications are sent via email, work and personal phones, and text messages.

• Employee Support Hotline and Emergency Websites: Providing staff updates and assistance.

Training and Awareness

VoidMetrix employs several methods to ensure employees understand their critical roles in preparing for and responding to potential business disruptions. Methods include:

• Mandatory Annual All Staff Emergency Preparedness Online Training.

• Business Recovery Exercises.

• Data Center Recovery Tests.

• Crisis Management Training and Exercises.

• Periodic, Threat-Specific Awareness/Learning Sessions.

Exercises & Testing

VoidMetrix conducts exercises of its Business Continuity Plans (BCPs) to verify the appropriateness of procedures for recovering business operations and to ensure key personnel are familiar with documented procedures. Each year, several exercises are performed, including:

• Remote Access (e.g., from home or another external location).

• Alternate Location (e.g., dedicated recovery site or alternate VoidMetrix office).

• Work Transfer (e.g., transferring workload to an unaffected office and team).

• System Fail-over Testing, including involving external vendors where appropriate.

• Evacuation Drills, Notification System Tests, and Periodic Generator Tests.

Business Continuity exercise results are documented, reviewed, and distributed as appropriate following each exercise. Recommendations for improvements to the recovery process are identified, risk-rated, and any corrective actions clearly defined and assigned to the appropriate personnel.

VoidMetrix conducts an annual Disaster Recovery test for each of its production data centers. During the test, the data center is isolated from the VoidMetrix network to simulate a total loss of the facility. Applications are failed over to secondary data centers within the stated Recovery Time Objective (RTO), and functionality is validated by qualified testers.

DR test results are documented, reviewed, and distributed to key executives following each test. Documentation includes an overview of the recovery times, a pass/fail assessment of all applications, and a plan to remediate any issues discovered during the testing life cycle.

Third-Party Oversight

A critical component of VoidMetrix's Enterprise Resilience planning process is its supplier management framework, which includes periodic reviews of the business continuity and disaster recovery programs for key service providers. Risk assessments are used to determine the criticality of each service provider. For the most critical service providers, VoidMetrix conducts targeted reviews and evaluations of BCM and DR plans and, where appropriate, on-site visits.