Business Continuity & Recovery Plan

Owner

Simple Software Development LLC

Product

Edminhub

Version

1.0

Effective Date

29 April 2026

Important notice: This document describes reasonable continuity and recovery practices for Edminhub. It does not create an absolute guarantee of uninterrupted service, data recovery in every circumstance, or immunity from cyber threats, third-party outages, user error, force majeure events, or customer-side failures.

Document item	Detail
Owner	Simple Software Development LLC
Product	Edminhub
Version	1.0
Effective date	29 April 2026
Classification	Customer-facing service documentation
Contact	info@simplesoftwaredevelopment.com
Website	www.simplesoftwaredevelopment.com
Address	131 Continental Dr, Suite 305, Newark, Delaware

1. Introduction

Edminhub is a school management platform owned and operated by Simple Software Development LLC. The platform supports school administration processes such as learner records, teacher information, attendance, subjects, classes, academic records, disciplinary processes, documents, communication, and related operational activities.

This Business Continuity & Recovery Plan describes how Simple Software Development LLC aims to maintain, restore, and support Edminhub in the event of service disruption, system failure, data loss risk, cyber incident, infrastructure outage, or other operational interruption.

The plan is intended to support transparency with schools while preserving practical flexibility for Simple Software Development LLC to respond to incidents based on their severity, cause, technical complexity, third-party dependencies, legal requirements, and information available at the time.

2. Scope

This plan applies to the Edminhub platform and the services operated by Simple Software Development LLC for customer schools. It covers reasonable continuity and recovery arrangements for application availability, infrastructure dependencies, backups, restoration, support communications, incident escalation, and post-incident improvement.

This plan does not cover systems, devices, networks, internet connections, identity providers, third-party tools, integrations, or internal school processes that are selected, managed, configured, or controlled by the school or its users.

3. Business Continuity Objectives

The primary objectives of this plan are to:

Protect the safety, security, confidentiality, integrity, and availability of information processed through Edminhub where reasonably possible.
Restore critical Edminhub service functions following a disruption as quickly as commercially and technically reasonable.
Reduce the risk of avoidable data loss through backup, monitoring, and controlled operational practices.
Provide clear internal escalation and customer communication during material incidents.
Support schools with reasonable information required for their own continuity, governance, legal, parent communication, or regulatory obligations.
Review incidents after recovery and improve the platform, procedures, controls, or documentation where practical.

4. Continuity and Recovery Principles

Principle	Application to Edminhub
Reasonable efforts	Simple Software Development LLC will take reasonable steps to maintain and restore service but does not guarantee uninterrupted service or recovery in every scenario.
Risk-based response	Response priority will be based on severity, number of affected schools, sensitivity of affected data, security risk, operational impact, and available technical evidence.
Shared responsibility	Edminhub is responsible for the platform environment it controls. Schools remain responsible for their users, devices, access assignments, legal basis for data processing, exports, and internal recordkeeping.
Security first	Where a disruption involves suspected compromise, containment and investigation may take priority over immediate restoration if restoring too quickly could increase risk.
No admission of liability	Operational updates, incident communications, or recovery efforts do not constitute an admission of fault, liability, negligence, or breach by Simple Software Development LLC, its directors, officers, members, employees, agents, or contractors.

5. Critical Services and Recovery Priority

The following service areas are prioritised during recovery. Actual recovery sequence may vary depending on the cause and technical nature of the incident.

Priority	Service area	Recovery focus
1	Authentication and core platform access	Restore safe user login, session handling, and core platform availability where technically possible.
2	Database availability	Protect and restore access to school data, subject to backup availability, integrity checks, and security validation.
3	Learner and school records	Restore access to core learner, class, attendance, academic, and administrative records.
4	File storage and documents	Restore access to uploaded documents and files where affected and where technically recoverable.
5	Communication functions	Restore notices, email-related functionality, alerts, and platform communications.
6	Reporting and non-critical features	Restore reporting, exports, dashboards, and non-essential enhancements after critical functions stabilise.

6. Recovery Targets

The targets below are planning targets only. They are not service guarantees, warranties, penalty commitments, or automatic service credit commitments unless expressly included in the applicable SaaS Subscription Agreement or written service order.

Measure	Planning target	Important qualification
Recovery Time Objective (RTO)	Target to restore critical platform functionality within a commercially reasonable period after the incident is identified and contained.	Actual restoration time depends on the cause, severity, third-party dependencies, data integrity checks, security investigation needs, and availability of required technical resources.
Recovery Point Objective (RPO)	Daily backup cycle with up to 7 days backup retention under the standard service arrangement.	Data created or changed after the most recent successful backup may not be recoverable unless special point-in-time backup arrangements are in place.
Customer communication	Material incidents affecting customer access or data will be communicated where appropriate.	Notification timing depends on incident confirmation, technical facts, legal requirements, and whether communication may compromise security investigation or containment.

7. Backup and Recovery Arrangements

Edminhub performs daily backups with a retention period of 7 days.

Point-in-time backups may be available where a school makes a special written arrangement with Edminhub / Simple Software Development LLC.

Backups are intended for disaster recovery and operational resilience. They are not intended to replace the school's own statutory recordkeeping, data governance, audit, compliance, independent export, or internal continuity obligations.

Backup item	Standard position
Frequency	Daily backups under the standard service arrangement.
Retention	7 days, unless otherwise agreed in writing.
Point-in-time recovery	Available only where specially arranged with Edminhub / Simple Software Development LLC and subject to technical feasibility, hosting capabilities, cost, and written agreement.
Restore requests	Handled based on urgency, technical feasibility, data volume, security validation, and operational impact.
Backup limitations	Backups may not recover every user action, recent change, deleted record, overwritten data, file version, or data affected by customer-side misuse or incorrect configuration.

8. Disruption Categories

Category	Examples	Response approach
Minor service issue	Intermittent slowness, isolated error, non-critical feature issue.	Investigate, remediate, monitor, and communicate where required.
Major service outage	Platform unavailable for multiple users or one or more schools.	Escalate internally, identify root cause, restore critical service, communicate material updates.
Data availability issue	Data not loading, corrupted record, accidental deletion, failed import.	Assess scope, secure evidence, determine restoration options, support school where reasonable.
Security incident	Suspected unauthorised access, credential compromise, malware, exploited vulnerability.	Follow the Incident Response Procedure. Containment and investigation may take priority over immediate restoration.
Third-party service outage	Cloud provider, hosting, email, storage, monitoring, or internet service disruption.	Monitor provider status, apply workarounds where practical, restore dependent functions when provider service resumes.
Customer-side issue	School network outage, user device issue, incorrect permissions, shared passwords, misconfiguration.	Provide reasonable support guidance, but responsibility remains with the school.

9. Business Continuity Response Process

When a material disruption is identified, Simple Software Development LLC will follow a structured response process where practical:

1
Detection and logging: Identify the issue through monitoring, customer report, support request, system alert, or internal review.
2
Initial assessment: Determine severity, affected services, affected schools, data risk, security implications, and whether third-party providers are involved.
3
Containment: Take reasonable steps to limit impact, which may include disabling affected functions, restricting access, isolating systems, or pausing integrations.
4
Recovery planning: Determine the safest and most practical restoration path, including whether backup restoration, provider escalation, code rollback, configuration correction, or customer action is required.
5
Service restoration: Restore critical services first, then non-critical functions, subject to validation and security checks.
6
Customer communication: Notify affected schools where appropriate and provide reasonable updates based on available facts.
7
Post-incident review: Review root cause, lessons learned, control improvements, customer follow-up requirements, and documentation updates.

10. Internal Roles and Responsibilities

Role	Primary responsibilities
Business Continuity Lead	Coordinates the continuity response, prioritises recovery, approves customer communications, and confirms when normal operations have resumed.
Technical Lead	Investigates root cause, coordinates technical recovery, validates system integrity, and supports restoration activities.
Security Lead	Assesses whether the incident involves security risk, unauthorised access, data exposure, malware, or control weakness.
Customer Communication Contact	Prepares customer-facing updates and records communication decisions.
Executive or Director Oversight	Provides oversight for major incidents, legal exposure, reputational risk, major customer impact, or high-severity continuity events.

One individual may perform more than one role depending on the size, severity, and timing of the incident. Role allocation may change as the company grows.

11. Customer Responsibilities

Business continuity is a shared responsibility. Schools remain responsible for continuity measures within their own environment and for school-level operational decisions.

Customer responsibility	Description
User access management	Create, update, and remove user accounts promptly. Ensure users receive only the access required for their duties.
Credential protection	Prevent shared passwords, weak passwords, and unauthorised account sharing.
Device and network security	Ensure school devices, browsers, networks, and internet access are reasonably secure and maintained.
Independent recordkeeping	Maintain school-level copies, exports, or records where required by policy, law, audit, or operational need.
Data accuracy	Ensure information entered into Edminhub is accurate, lawful, and authorised.
Legal basis and consent	Ensure the school has the necessary authority, consent, legal basis, institutional mandate, or parent/guardian authorisation for learner data processing.
Incident reporting	Notify Edminhub promptly if the school suspects unauthorised access, data loss, misuse, credential compromise, or platform abuse.
Internal continuity plans	Maintain school-level procedures for operating during internet outage, user device failure, local power failure, or other customer-side disruption.

12. Communication During Material Incidents

Simple Software Development LLC will communicate with affected schools where appropriate during material incidents. Communications may include the known issue, affected service areas, workarounds where available, expected next update where practical, and any actions required from the school.

Communications will be based on facts reasonably known at the time and may be updated as investigation continues. Early communications may be incomplete because the priority may be containment, evidence preservation, security validation, or service restoration.

Communication type	Typical use
Initial notice	Used when a material disruption or confirmed issue affects one or more schools.
Status update	Used to provide progress information during extended disruption or recovery.
Resolution notice	Used when service is restored or the immediate issue is resolved.
Post-incident summary	May be provided for major incidents where a summary is appropriate and does not compromise security, confidentiality, legal rights, or third-party obligations.

13. Security Events and Data Incidents

If a continuity event involves suspected or confirmed unauthorised access, data exposure, malware, ransomware, exploited vulnerability, credential compromise, or other security risk, the Edminhub Incident Response Procedure will apply.

In such cases, Simple Software Development LLC may temporarily suspend access, disable features, rotate credentials, restrict administrative functions, or take other containment measures if reasonably required to protect the platform, affected schools, data subjects, or the wider service environment.

Incident communications, cooperation, investigation, recovery, or remedial actions do not constitute an admission of liability, fault, negligence, unlawful conduct, or breach by Simple Software Development LLC, its directors, officers, members, employees, agents, contractors, or affiliates.

14. Third-Party Dependencies

Edminhub may rely on reputable third-party providers for hosting, infrastructure, storage, database services, email delivery, monitoring, backups, support, security, analytics, and related operational services.

Disruptions at third-party providers may affect the availability or performance of Edminhub. Simple Software Development LLC will take reasonable steps to monitor, escalate, work around, or recover from third-party disruptions where commercially and technically practical. However, Simple Software Development LLC cannot guarantee the performance, availability, security, or recovery timelines of third-party providers outside its reasonable control.

15. Manual Workarounds for Schools

Schools should maintain practical manual workarounds for short-term disruption to digital systems. Recommended school-level workarounds include:

Maintain emergency contact lists for staff, parents, guardians, and key school administrators.
Keep a local process for capturing attendance when the platform or internet connection is unavailable.
Maintain manual or offline templates for urgent disciplinary notes, incident reports, or academic observations.
Export important reports or records periodically where required by the school's own compliance or operational needs.
Define who at the school may contact Edminhub support during urgent incidents.
Ensure school staff know how to operate during local power outages, internet failures, or device failures.

16. Testing, Review, and Improvement

Simple Software Development LLC may review and improve its continuity and recovery practices over time based on platform maturity, customer requirements, operational experience, incident lessons, risk assessments, and commercially reasonable security improvements.

Activity	Planned approach
Backup review	Review backup configuration and retention practices periodically or after material platform changes.
Restore testing	Perform restore checks where commercially and technically practical, especially after material infrastructure changes.
Incident review	Review major incidents to identify lessons learned and practical control improvements.
Documentation review	Update this plan when material changes are made to backup, hosting, support, recovery, or security practices.
Security improvement	Strengthen access control, monitoring, logging, development practices, and recovery controls as the platform matures.

17. Legal and Liability Position

This plan is intended to describe continuity and recovery practices. It does not create a warranty, guarantee, service credit, penalty obligation, insurance obligation, fiduciary duty, professional advisory relationship, or expanded legal duty beyond what is expressly agreed in the applicable written agreement with the school.

To the fullest extent permitted by applicable law, Simple Software Development LLC, its directors, officers, members, employees, agents, contractors, and affiliates shall not be liable for indirect, incidental, special, punitive, exemplary, or consequential loss arising from any disruption, outage, data loss, restoration delay, third-party failure, customer-side failure, cyber event, force majeure event, or use of Edminhub.

Nothing in this plan is intended to expand Simple Software Development LLC's liability beyond the limits agreed in the applicable SaaS Subscription Agreement, Data Processing Agreement, Privacy Policy, or other written contract with the school.

18. Force Majeure and Events Outside Reasonable Control

Simple Software Development LLC will not be responsible for failure or delay in performance caused by events outside its reasonable control. Such events may include natural disasters, power grid failure, telecommunications failure, internet outage, labour dispute, war, terrorism, civil unrest, pandemic, government action, cyberattack, ransomware, denial-of-service attack, failure of third-party providers, or other events beyond reasonable control.

During such events, Simple Software Development LLC will use commercially reasonable efforts to reduce impact and restore affected services where practical.

20. Approval and Review

Item	Detail
Document owner	Simple Software Development LLC
Effective date	29 April 2026
Review cycle	At least annually or after a material incident, major infrastructure change, material legal change, or major platform change.
Version	1.0

21. Contact

Questions about Edminhub business continuity, recovery, security, or data protection may be directed to: