Introduction
This document provides the information our customer’s need to integrate Plum into their business continuity and disaster recovery plans. It discusses how Plum views business continuity and how customers should view the platform in the context of their business continuity.
The audience for this document is risk managers and business continuity planners within Plum’s customer organizations.
Plum’s Services and Business Continuity
Plum Should Not Be Treated as a Resilient Data Store
Plum provides a platform to support talent acquisition and talent management. From the lens of business continuity, Plum provides a set of tools to analyse the fit between people’s talents and an organization’s jobs. These tools require customers and candidates to submit data to the Plum platform. Plum turns this data into deep insights for our customers, and these insights are the output from our services. Data within the Plum platform is a consumable resource. It is retained to facilitate the user experience (for both the applicant and the hiring organization) and to meet regulatory requirements. The Plum platform should not, from a business continuity perspective, be considered a resilient data store; data held by the Plum service should be treated as a convenience copy. If a Plum customer considers data shared with the Plum service to be critical data from a business continuity perspective, it is the responsibility of the customer to implement measures within their organization to ensure the availability of this data.
Understanding Data on the Plum Platform
Data on Plum’s platform consists of:
- Plum profile data – this consists of user account information and the associated Plum profile. Plum profiles may be completed by individuals applying for jobs or by employees of Plum’s Talent Management customers. This data contains sensitive personal information.
- Job requisition data – this consists of basic information about the position being analysed and the criteria to be used for matching candidates to the position. This is customer data shared with the platform. No personal information is contained within job requisition data.
- Job match scores – this is the primary customer output of Plum’s platform. It is computed from a candidate’s talent profile and the match criteria for a position. It is considered by Plum to be customer data. It contains personal information about the candidate and represents a transfer of data from Plum to the customer. This transfer is initiated by the candidate when they choose to submit their talent profile to be matched to a position.
- Customer user identity (account) data – user identifiers, basic contact information, and authenticators. This is considered customer data. This contains personal data.
- Aggregated data –used for research and product improvement. This is considered to be Plum data
- Configuration data – data internal to the platform required by the platform for operation. This is considered to be Plum data.
Business Continuity Approach
Plum’s approach to business continuity is to ensure that Plum’s platform is available to its customers and that inconvenience to users (both customer organizations and candidates) is minimized.
This means that, in the event of significant interruption, our first priority is to ensure that the Plum platform is operating and accessible with as little interruption as possible. It also means that we will take all reasonable measures to prevent the need to re-enter data. However, extra-ordinary measures to preserve data will not be taken. In particular, we will prioritize security of data over its availability during recovery operations.
Recovery Objectives
This section addresses what a customer needs to know to plan for business continuity in the event of a Plum service interruption.
The recovery objectives depend on the nature of the interruption. The recovery objectives are summarized in the following table. In this table,
- Recovery Time Objective (RTO) is the time to restore the service in the event of an interruption
- Recovery Point Objective (Target RPO) is the target length of time from the interruption to the last stable service state.
| Business Function | Scenario Class | RTO | RPO |
| Talent Resilience Platform | Any scenario in which AWS us-east-1 region is available and accessible | 1.5h | 5 min |
| Talent Resilience Platform | Widespread internet outage affecting the US east coast. RTO is stated in terms of time from restoration of network access | +30 min | 5 min |
| Talent Resilience Platform | Catastrophic failure of AWS rendering the entire us-east-1 region unavailable. Other AWS regions remain operational | 1 week | 48 hours |
| Talent Resilience Platform | Unrecoverable catastrophic failure of AWS. | 6 weeks | 30 days |
Communications and Key Contacts
Each customer provides Plum with a primary contact to whom all operational notices are provided. Customers are encouraged to provide secondary contacts to be included in any communications related to an interruption requiring invocation of business continuity measures.
Plum will notify its customers of interruptions by email and on its website Plum.io. If email is unavailable, Plum will contact customers by telephone.
The following are the key Plum contacts in the event of an outage. Customer specific contact points and alternate contact channels will be documented in the customer contract.
| Purpose | Contact |
| General status and redundant communication | email: help@plum.io |
| Media | Caitlin MacGregor email: caitlin@plum.io |
| Technical Escalation | Scott Allen email: scott@plum.io |