Hevitas

Continuity as a service

One place for BCP documentation.Controlled, current, and callable in a crisis.

Hevitas is a dedicated document store for business continuity and recovery: structured metadata, mandatory approvals, expiry discipline, and an audit trail that holds up when stakeholders ask what happened and when.

Explore capabilitiesWhat we are building next
Governance
Four-eyes on live changes
Resilience
Offline-ready, encrypted exports
Evidence
Immutable logs & file hashes

Capabilities

Built around how continuity teams actually work - not generic file sharing.

Identity & access

Non-integrated, organization-first

  • Register your organization and a Global Admin
  • Multiple recovery emails when the primary domain is unavailable
  • RBAC: Super Admin, Document Owner, Peer Reviewer, Read-only
  • Mandatory MFA: TOTP (Authenticator / Authy) or hardware keys (e.g. YubiKey)
  • Emergency recovery codes for lost MFA during a crisis

Document lifecycle

From draft to published, with guardrails

  • Secure upload: PDF, DOCX, XLSX, and PNG (e.g. network diagrams)
  • Metadata: Scenarios (ransomware, site loss, …) and criticality (P1 vital, P2 supporting)
  • Four-eyes approval: changes to live documents require a designated second approver
  • Clear Draft vs Published versioning
  • Validity & recertification: expiries, 30 / 14 / 7-day nudges, “Mark as valid” with peer review
  • Soft-delete: 30-day recycle bin, then permanent cryptographic erasure

Crisis operations

Break-glass when it matters

  • Crisis dashboard: high-contrast UI surfacing top critical recovery documents on login
  • Emergency contact directory: structured data for mobiles and personal emails - not buried in files
  • PWA: star documents for encrypted local cache and offline viewing
  • Bulk export: download all approved recovery docs in one encrypted ZIP

Testing & remediation

Close the loop after every exercise

  • Exercise scheduler: recurring BCP drills (e.g. annual tabletop, bi-annual DR)
  • Post-exercise feedback forms captured at the moment of the test
  • Remediation tracker: findings with owners, due dates, and links to specific documents
  • Compliance-style reporting: test compliance visibility across the organization

Audit & compliance

Evidence you can stand behind

  • Immutable audit trail: read, write, edit, delete - with timestamps and IP addresses
  • Read-receipts: know who opened or downloaded the latest BCP version
  • SHA-256 integrity hashing per file; users can verify files have not been tampered with

Roadmap

In progress: incident data access & continued operations

When primary systems are unavailable, teams still need the right data and a way to keep essential work moving. We are building pathways to reach continuity-critical information during an incident, paired with lightweight stand-ins for key business flows so operations do not stall. An LLM layer helps people surface the documents, contacts, and procedures they need without hunting through folders under pressure - alongside the governed recovery library you already keep in Hevitas.