Effective Date: 1 December 2025
Version: 2.0
Issuing Entities:
- Strategic Global Holdings Pty Ltd (ACN 693 256 503)
- Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app
Governance Oversight: Group CEO, Strategic Global Holdings Pty Ltd
Review Cycle: Annual or earlier if required by law or operational change
1. PURPOSE
This Business Continuity Statement outlines how Superspeed.ai Pty Ltd (“Cushi”) maintains the availability of its services during disruptive events. It aligns with ISO 22301, ISO/IEC 27001:2022, NIST SP 800-34, the Australian ISM, and APRA CPS 232.
2. COMMITMENT TO CONTINUITY & RESILIENCE
Cushi is committed to resilient cloud operations, minimising service disruption, and rapidly restoring functionality. The Business Continuity Management System (BCMS) supports uninterrupted delivery of core services.
3. SCOPE
Applies to:
• Cushi.ai platform
• Authentication and identity systems
• AI engines and workflows
• Cloud infrastructure
• Internal operations and support
• Subprocessors and suppliers
4. BUSINESS IMPACT ANALYSIS (BIA)
Cushi conducts BIAs to identify:
• Critical business functions
• Dependencies (cloud, network, identity, AI components)
• Maximum tolerable downtime
• Recovery priority sequencing
5. RESILIENCE & CONTINUITY MEASURES
5.1 Infrastructure Resilience
• Redundant cloud zones
• Auto-scaling
• Isolated environments
• Failover mechanisms
5.2 Data Resilience
• Encrypted backups
• Multi-region replication
• Daily integrity checks
5.3 Application Resilience
• Blue/green deployments
• Health checks
• Automated recovery
6. DISASTER RECOVERY (DR)
Aligned with ISO 22301 and ISO 27001 Annex A.17.
RTO Targets:
• Critical services: ≤ 4 hours
• Supporting services: ≤ 24 hours
RPO Targets:
• Critical data: ≤ 1 hour
• Other data: ≤ 24 hours
7. INCIDENT RESPONSE INTEGRATION
BCMS integrates with Cushi’s IR framework:
• Joint invocation criteria
• Escalation workflows
• Regulatory notifications (GDPR, APPs, CPRA, PIPL)
8. PEOPLE & OPERATIONS CONTINUITY
• Cross-trained personnel
• Remote-first continuity capability
• Secure remote access
• Documented role substitution plans
9. SUPPLIER & SUBPROCESSOR CONTINUITY
Cushi requires critical suppliers to:
• Maintain BCP/DR capability
• Provide assurance documentation
• Undergo annual reviews
Fallback supplier paths exist where appropriate.
10. TESTING & VALIDATION
• Annual BC/DR simulations
• Tabletop exercises
• Failover testing
• Supplier verification
• Post-incident reviews
11. COMMUNICATION DURING DISRUPTIONS
• Status page
• Email advisories
• In-app messaging
• Dedicated disruption communications
12. CONTINUOUS IMPROVEMENT
Driven by lesson-learned exercises, regulatory evolution, technology uplift, and supplier findings.
VERSION CONTROL & GOVERNANCE
© 2025 Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app.
Part of the Strategic Global Holdings Pty Ltd Group (ACN 693 256 503). All rights reserved.
Privacy: privacy@cushi.ai | Security: security@cushi.ai | Support: support@cushi.ai