Business Continuity Plan (BCP)
Toku maintains a Business Continuity Plan covering payroll processing and payment settlement continuity during disruptions. The BCP addresses natural disasters, infrastructure outages, pandemic scenarios, key personnel loss, and third-party provider failures.
The BCP identifies critical business functions, defines recovery priorities, and assigns ownership for continuity actions.
Disaster Recovery Plan (DRP)
Toku's Disaster Recovery Plan focuses on the technical recovery of systems, data, and infrastructure following a disruptive event. The DRP is tested at least annually, using validation exercises that include tabletop exercises, structured walkthroughs, and simulation tests.
The DRP covers recovery procedures for all production systems, databases, and integration infrastructure. Recovery time and recovery point objectives are defined and regularly validated through testing.
Annual Testing
The Disaster Recovery Plan is tested at least annually by the Security Officer in coordination with the Engineering Team. Testing types include:
- Tabletop exercises with cross-functional stakeholders
- Structured walkthroughs of recovery procedures
- Simulation tests of specific failure scenarios
Findings from each test are documented, and remediation plans are created and tracked to completion. Test results are retained for SOC 2 and regulatory audit purposes.
BCP/DRP/IRP Drill Program
Toku conducts combined Business Continuity, Disaster Recovery, and Incident Response drills that simulate realistic scenarios. These drills test the organization's ability to detect, respond to, and recover from incidents while maintaining business operations.
Drill documentation includes all actions performed, resources utilized, and system changes made. This documentation is retained for post-incident analysis and compliance auditing.
Data Backup and Recovery
All production data is backed up with AES-256 encryption, using key management that is separate from production systems. Backup integrity is verified through automated checks. Recovery procedures are documented and tested as part of the annual DRP testing program.
Third-Party Dependency Resilience
Toku plans for disruptions involving third-party dependencies through monitoring, incident response, and documented recovery procedures:
- HRIS/Payroll platform outages are detected through integration monitoring and do not block access to previously synced data.
- Custody provider outages are handled through the incident response process, with client communication, compensating controls, and documented recovery steps.
- Cloud infrastructure uses built-in redundancy within US data center regions.
Documentation Availability
The following documents are available to clients upon request under NDA:
- Business Continuity Plan (summary)
- Disaster Recovery Plan (summary)
- Incident Response Plan (summary)
- Most recent DRP test results and remediation plan
Contact security@toku.com to request access.