Effective Date: 1 January 2025
Version: 2.0 — Ultra-Final (Djenie Edition)

1. PURPOSE

This Business Continuity Statement outlines how In Delay There Lies No Plenty Pty Ltd ACN 162 881 138 ATF Future Thinking Family Trust t/a Djenie ABN 98 399 797 036 (“Djenie”) maintains the availability and resilience of its membership-management services, consulting operations, and supporting infrastructure during disruptive events. It aligns with ISO 22301, ISO/IEC 27001:2022 Annex A.17, NIST SP 800-34, the Australian ISM, and APRA CPS 232.

2. COMMITMENT TO CONTINUITY & RESILIENCE

Djenie is committed to resilient cloud and operational continuity, ensuring minimal service interruption and rapid restoration of core features, including the Scouts QLD Membership Management System (SMS v2), client portals, and internal operational systems.

3. SCOPE

This Statement applies to:

  • Djenie’s membership management platform (SMS v2)
  • Authentication and identity systems
  • Customer portals, data storage, and workflow engines
  • Cloud infrastructure and all Djenie-managed hosting layers
  • Internal business operations, communications, and support services
  • Key suppliers, critical subprocessors, and technology partners

4. BUSINESS IMPACT ANALYSIS (BIA)

Djenie conducts periodic BIAs to identify:

  • Critical business functions
  • Dependencies (cloud, network, identity, database systems)
  • Maximum tolerable downtime and recovery priorities
  • Required sequencing for restoring services

5. RESILIENCE & CONTINUITY MEASURES

5.1 Infrastructure Resilience

  • Redundant cloud regions and availability zones
  • Auto-scaling of core workloads
  • Isolated dev/staging/production environments
  • Failover-ready service architecture

5.2 Data Resilience

  • Encrypted backups (AES-256)
  • Multi-region replication
  • Daily integrity and consistency checks

5.3 Application Resilience

  • Blue/green deployments
  • Health-check monitoring
  • Automated recovery routines

6. DISASTER RECOVERY (DR)

Djenie maintains a DR framework aligned with ISO 22301 and ISO 27001 Annex A.17.

RTO Targets:

  • Critical services (platform login, core data access): ≤ 4 hours
  • Supporting services: ≤ 24 hours

RPO Targets:

  • Critical data: ≤ 1 hour
  • Other data: ≤ 24 hours

7. INCIDENT RESPONSE INTEGRATION

The BCMS integrates with Djenie’s incident response process:

  • Joint invocation triggers
  • Severity classification workflows
  • Notification requirements (regulators, partners)
  • Structured post-incident review

8. PEOPLE & OPERATIONS CONTINUITY

  • Cross-trained personnel for critical functions
  • Remote-first continuity model
  • Secure remote access with MFA and RBAC
  • Role substitution documentation

9. SUPPLIER & SUBPROCESSOR CONTINUITY

Critical suppliers must:

  • Maintain their own BCP/DR capability
  • Provide documented assurance or certification
  • Undergo annual verification review

Fallback pathways are documented where practical.

10. TESTING & VALIDATION

  • Annual DR simulations
  • Tabletop continuity exercises
  • Failover and restoration testing
  • Supplier capability reviews
  • Post-incident analyses

11. COMMUNICATION DURING DISRUPTIONS

Djenie communicates disruptions through:

  • Email advisories
  • Admin-level alerts within client portals
  • Direct contact with affected organisations

12. CONTINUOUS IMPROVEMENT

Continuous BCMS enhancement is driven by:

  • Lessons learned from exercises
  • Regulatory changes
  • Supplier performance reviews
  • Technology and architecture upgrades

VERSION CONTROL & GOVERNANCE

Version: 2.0 — Ultra-Final (Djenie Edition)
Effective Date: 1 January 2025
Approval: Chief Executive Officer, Djenie
Change Summary: Full rewrite from Cushi version; scope aligned to SMS v2, resilience controls updated, supplier obligations clarified, and governance adapted to Djenie corporate structure.
Review Cycle: Annual or earlier if necessary.