Overview. Emergency Response. Crisis Management



Similar documents
Appendix 3 Disaster Recovery Plan

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

BCP and DR. P K Patel AGM, MoF

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation.

Interagency Statement on Pandemic Planning

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Building and Maintaining a Business Continuity Program

BUSINESS CONTINUITY POLICY

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

FFIEC Cybersecurity Assessment Tool

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Intel Business Continuity Practices

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Overview of how to test a. Business Continuity Plan

Contingency Planning Guide

DISASTER RECOVERY PLANNING GUIDE

Emergency Response Plan

Ohio Supercomputer Center

EMERGENCY PREPAREDNESS POLICY

Why Should Companies Take a Closer Look at Business Continuity Planning?

10-POINT FRAMEWORK. for Pandemic Influenza Business Preparedness

Temple university. Auditing a business continuity management BCM. November, 2015

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan

Continuity of Business

state of south dakota Bureau of Information & Telecommunications Provide a Reliable, Secure & Modern Infrastructure services well-designed innovative

BUSINESS CONTINUITY PLAN OVERVIEW

Testimony of. Edward L. Yingling. On Behalf of the AMERICAN BANKERS ASSOCIATION. Before the. Subcommittee on Oversight and Investigations.

Business Continuity Management Software

Disaster Recovery Policy

Top Ten Technology Risks Facing Colleges and Universities

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Appendix J: Strengthening the Resilience of Outsourced Technology Services

Building a strong business continuity plan

Thanks to Jim Goble, National City Corporation, for providing the resource material contained in this guide.

OREGON STATE UNIVERSITY MASTER EMERGENCY MANAGEMENT PLAN

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Principles for BCM requirements for the Dutch financial sector and its providers.

Creating a Business Continuity Plan for your Health Center

Business Continuity Plan

Kuala Lumpur, Malaysia, May Report

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

PREPARING YOUR ORGANIZATION FOR PANDEMIC FLU. Pandemic Influenza:

Page Administrative Summary...3 Introduction Comprehensive Approach Conclusion

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date]

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries

Business Continuity Management and The Extended Enterprise

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

Guideline on Business Continuity Management

Business Continuity Overview

Domain 1 The Process of Auditing Information Systems

IT Disaster Recovery Plan Template

Global Statement of Business Continuity

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations

SECTION 15 INFORMATION TECHNOLOGY

BUSINESS IMPACT ANALYSIS.5

Security in Space: Intelsat Information Assurance

How to Design and Implement a Successful Disaster Recovery Plan

BUSINESS CONTINUITY PLANNING GUIDELINES

How To Prepare For A Disaster

INCIDENT RESPONSE MANAGEMENT PLAN DECEMBER 2015

How to Plan for Disaster Recovery and Business Continuity

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

Plan Development Getting from Principles to Paper

Why Use Business Continuity Management Software? Bratislava, Slovak Republic Steve Kokol Vice President of International Sales.

Business Resiliency Business Continuity Management - January 14, 2014

BUSINESS CONTINUITY STRATEGY

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Enterprise Resiliency & Response Program Customer Overview May 2014

Business Continuity / Disaster Recovery Context

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Table of Contents ESF

What is an Exercise? Agenda. Types of Exercises. Tabletop Exercises for Executives. Defining the Tabletop Exercise. Types of Tabletop Exercises

It also provides guidance for rapid alerting and warning to key officials and the general public of a potential or occurring emergency or disaster.

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Business Resilience Communications. Planning and executing communication flows that support business continuity and operational effectiveness

Business Continuity and Disaster Recovery Planning

Business Continuity (Policy & Procedure)

ASX SETTLEMENT OPERATING RULES Guidance Note 10

IT Security Incident Management Policies and Practices

Technology Infrastructure Services

Transcription:

Prudential Financial s Preparedness Strategy Overview Emergency Response, Crisis Management, Business Continuation, Technology Disaster Recovery & Health Crisis Preparedness Prudential is committed to providing uninterrupted service to our customers, protecting the assets they have entrusted with us and safeguarding our associates and business resources. Overview The programs and plans we have put in place ensure the continuity of business and that we are there when our customers and business partners need us. Our Preparedness Strategy includes five areas: 1. Emergency Response 2. Crisis Management 3. Business Continuation 4. Technology Disaster Recovery 5. Health Crisis Preparedness The areas are built on programs, policies, standards, plans and training. We continually maintain and exercise our programs and plans according to the policies and standards. We have established objectives, metrics and reporting to provide a concise status of our readiness. Our programs and plans leverage our diversity in personnel, locations and businesses as well as our global presence and robust infrastructure. These attributes ensure that we are prepared to address events of any magnitude that may threaten to disrupt our business operations. Emergency Response Emergency Response to events is managed locally by a team consisting of facilities, security and medical personnel. Their role is to respond to the event in their location and minimizing impact to personnel, guests, assets and buildings. Their primary focus is life, safety and minimizing impact. Think of our facilities, security and medical personnel as Prudential s internal first responders. In responding to emergencies, the facilities, security and medical personnel adhere to their established protocols and procedures. As part of their response, they will interact with the public sector first responders (police, fire and medical). Crisis Management Our Crisis Management Program includes the monitoring, response, communication, escalation and coordination activities required to effectively manage any event that may impact our services, associates or resources. Our escalation process and response protocols assist us in handling any situation whether it requires our businesses continuation plans to be activated, is classified as a crisis or only requires monitoring. The following are six important elements within the Prudential Crisis Management Program: Prepared by Prudential Corporate Business Continuation and Crisis Management Page 1 of 5

1. Early warning mechanisms to identify signs and triggers of events that may escalate into a crisis. 2. Analysis and assessment of events to provide both tracking and trend reporting capabilities for domestic and international operations within Prudential. 3. Escalation and communication procedures to ensure that appropriate and consistent actions are taken. 4. Physical and virtual command centers to provide coordinated management of the event. 5. Crisis Management plans to address and document contacts and responsibilities, as well as our response, communication, escalation activities. 6. Trained crisis management teams including an Enterprise Security Crisis Management Team and Local Crisis Management Teams worldwide. Whenever possible and appropriate, we utilize industry accepted tools and processes. We complement these tools and processes with internally developed systems to provide costeffective solutions for preparedness. For example, we use an emergency notification system to quickly communicate with our associates through various communication devices. We partner with public sector entities and private sector peers for situational awareness and best practices. Our Crisis Management Program has focused on preparing for events ranging from active shooter and missing employees to civil unrest and severe weather. Business Continuation Our commitment to providing continued service and safeguarding our customers and shareholders interests means that we must ensure that we are prepared to continue critical business functions in the event of any disruptions and outages. This commitment and responsibility, down to the employee level, is documented in our standards and reinforced in our training programs. Where the Crisis Management Program focuses on our response to and management of events which may impact our operations, Business Continuation planning (BC) is a critical preparedness component to ensure our operations can continue or recover within expected timeframes. Business Continuation is the core of our Company s readiness state, and we believe we have a solid foundation in place as illustrated by the following attributes: 1. A centralized, enterprise wide Business Continuation Office accountable for developing and maintaining corporate standards (and validating those standards against industry practices such as US PS-PREP, NFPA1600, BS25999, FFIEC BCP Handbook, ISO 22301 Standard and COBIT Framework), procedures and training, as well as coordinating exercises, quality reviews and reporting. 2. A strong Business Continuation community with clearly defined roles and accountability at both the corporate and business division level supports the development and implementation of strategies. Every Business Group has a designated Business Continuation Officer responsible for applying the corporate standards within their organization and departmental Business Continuation Prepared by Prudential Corporate Business Continuation and Crisis Management Page 2 of 5

Planners responsible for assessing their business functions criticality, developing plans to recover those functions and exercising those plans. 3. We use industry-standard planning tools, defined service level metrics for testing functions, a well-documented training program, and standardized reporting to monitor risk and compliance. 4. Planning based on impact analysis and risk assessment. 5. A redundant system infrastructure utilizing our geographically dispersed data centers, recovery sites and vendor solutions (see the Technology Disaster Recovery section). 6. Alternate work area recovery sites including internal Hot Sites (locations available immediately) and Warm Sites (dual purpose and vendor locations available within 48 hours of plan activation). In addition, Prudential has a national United States contract with a leading recovery vendor (for network and work area components including over 1,600 recovery seats) and local solutions for non-usa locations. 7. A strong remote access and Work-From-Home infrastructure that allows critical personnel who do not need to perform their function from the office, to continue to work from any location. A comprehensive business continuation plan must take into consideration the different threats facing each business function, process and location. To address each threat specifically would be expensive and administratively difficult to maintain. To resolve this issue, Prudential follows the approach of: a) Focusing on the resulting impact, not only the threat; and b) Assessing the most likely threat and risk for the business function, location and region. In focusing on the impact, we have identified that different threats would cause similar impact and therefore could be addressed by similar solutions. The impact is categorized in outage scenarios and our business continuation standards include the requirement to plan for the following outage scenarios: 1. A power outage 2. A building is unavailable 3. A computer application is unavailable 4. A data center is unavailable 5. An internal or external dependency (including vendors and infrastructure) is unavailable 6. A high percentage of personnel is unavailable or limited 7. The resources within a whole city are unavailable or limited 8. The resources within a whole region are unavailable or limited A regional outage (scenario #8) is an event whose effects could feasibly cause a substantial disruption to business in the region. Prudential s business continuation, security and risk experts work with a leading risk management firm in performing assessments and assigning risk ratings to each region where we have operations. The ratings identify the specific regional threats for which business continuation planners must plan. Prepared by Prudential Corporate Business Continuation and Crisis Management Page 3 of 5

A viable business continuation plan must be tested. We require testing the recovery of all business functions based on their criticality. We continually evaluate risks and enhance our standards, and as a result we now require each of our businesses to: Plan for a reduced workforce due to health crisis (outage scenario #6) in conjunction with the Health Crisis Program. Our Health Crisis planning is focused on prioritizing critical work, defining essential personnel and critical vendors, and then developing supporting strategies to ensure that critical work can continue. Our strategies are comprehensive and include the most viable options, such as work-from-home solutions and cross training. Identify/map all critical dependencies (other business functions, systems/applications and vendors) and plan for their unavailability (outage scenario #5). Plan for regional outages (outage scenario #8) based risk ratings. Test their plans and solutions more comprehensively and in coordination for a given outage scenario. Assign personnel with appropriate levels and skill sets to BC roles. Technology Disaster Recovery Our centralized technology infrastructure promotes a secure, efficient, and controlled dataprocessing environment across the enterprise. Prudential s Global Business & Technology Solutions unit manages one of the most robust data processing operations in the industry, keeping our technology operations safe and secure. Key highlights include: All data centers have fully redundant power sources and utilize the latest innovations in fire protection. Prudential has a state-of-the-art, round-the-clock Operations Control Center that provides 24x7 intrusion detection, problem management process and centralized operations monitoring. Prudential s technology operations employ the latest technology and processes for Back-up/Recovery and leverages multiple internal data centers providing recovery capabilities for mainframe, distributed, (i.e., includes storage, database and other components), and network infrastructure. All critical Prudential data is imaged and backed up daily, then shipped to an off-site location as an additional fail safe system. Prudential utilizes multiple Call Centers and Remote Access Capabilities to allow business to continue across various locations. Prudential conducts multiple tests on a regular basis, including four major data center test dates in the U.S. and full system recovery tests annually. The Global Business and Technology Solutions (GBTS) unit BC Officer provides centralized technology BC planning, coordination and support. The GBTS BC Officer serves as the liaison between the Corporate Business Continuation Office and Prudential's technology/infrastructure support teams. GBTS manages the Enterprise IT Prepared by Prudential Corporate Business Continuation and Crisis Management Page 4 of 5

infrastructure supporting Business Continuation recovery for Prudential's various lines of business. Prudential s Information Security Office ensures that Prudential s information is kept safe and secure. Highlights of the Information Security program include: Enhanced controls to stay a step ahead of emerging threats including State-of-the-Art data protection and monitoring tools with 24x7 incident response capability. Ongoing virus and malware protection and email filtering. Innovative patch management and response readiness. Recurring network-level and application-level penetration testing. Ongoing awareness campaign with Social Engineering focus and recurring testing and real time user "coaching". Continual growth in correlation and intelligence capability to quickly defend against targeted malware. Detailed code review workflow within application quality assurance process to identify and remediate potential vulnerabilities. Health Crisis Preparedness Prudential s preparedness in the event of a reduced workforce also addresses various health crisis scenarios. In 2005, Prudential formed a Pandemic Preparedness Planning Team that has matured into a Health Crisis Team, chaired by Prudential s Chief Medical Officer. This corporate group has developed a plan that addresses the needs of both our domestic and international businesses. This comprehensive plan has enabled us to analyze, train and test to address potential health threats including a new severe strain of the influenza virus, biological events or chemical hazards. The following are key elements of the plan: 1. Monitoring of health concerns around the globe and early warning mechanisms 2. Response protocols based on severity levels and phases 3. Screening tools, social distancing procedures and cleaning/sanitizing protocols to limit exposure and spread 4. A web-based health tool to assist associates with health-related questions and provide information to help them prepare in the event of a health crisis 5. Prudential s 24-hour Facilities Status extranet site and Facilities Status Hotline, which provides continuous updates to employees regarding Company information or building closures 6. Utilization of Crisis Management and Business Continuation programs and personnel to respond to a health crisis 7. Prudential s Employee Assistance Program offers a number of support resources for employees and their family members during times of crisis For more information on Prudential Financial s Preparedness Strategy and individual programs, contact: The Corporate Business Continuation and Crisis Management Team 973-716-5377; protect@prudential.com OR The Global Security Command Center (staffed 24x7): 973-802-6675; GSCC@prudential.com Prepared by Prudential Corporate Business Continuation and Crisis Management Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information