
Information Security Resiliency Plan

This document provides a business resiliency plan for an organization's Information Security business unit. The plan outlines several recovery strategies, including allowing remote work, transferring work to other locations, and establishing a recovery work area site. It also includes contact information for the plan owner and recovery team, and lists specific recovery tasks for responding to incidents like technology outages or cybersecurity events. The plan aims to resume critical operations within 4 hours of an incident through these various continuity strategies.

Uploaded by

Brian Thelwell
Copyright: © All Rights Reserved

Business Resiliency

Plan Name: Information Security

Approval Date:

Plan-4237434

Information Security
Current Document:
Date Printed: 09/23/2019
Printed By: Diane Dalrymple

Current Approval:
Date Approved:
Plan Owner: Ron Meeting
Overall Plan Status: In Process
Review Status: Awaiting Review


Plan Review Needed: Time to Review
Next Review Date:
Recovery Plan Type: Business Process Continuity Plan
Recovery Time Objective: 4 hours
Recovery Point Objective: 4 hours

Table of Contents

Table of Contents
Introduction
Impacted Areas
Plan Owner Contact Information
Plan Reviewer Contact Information
Recovery Team Contacts
Recovery Strategies
  Recovery Strategy Name: Remote Working
    Recovery Task: RT-960509
  Recovery Strategy Name: Transfer of Work
    Recovery Task: RT-969730
  Recovery Strategy Name: Work Area Recovery Site
    Recovery Task: RT-2526707
  Recovery Strategy Name: Cyber Security Incident - Response
    Recovery Task: RT-960483
  Recovery Strategy Name: Technology Outage - Response
    Recovery Task: RT-960510
    Recovery Task: RT-960516
    Recovery Task: RT-960534
Application Requirements
Business Unit Requirements
Third Party Requirements
  Upstream BC/DR Plans
  Downstream BC/DR Plans

Introduction

Purpose: Business Resiliency plan to be used as a reference regarding the recovery requirements and recovery strategies used by the Information Security business unit in the event of a business disruption for an extended period of time.

Scope:
- Data Governance
- Security Operations
- Security Policy & Program Management
- Security Risk Assessments (Including new vendors)
- Cyber Security
- Cyber Incident Response
- Cyber Security Awareness
- Vulnerability Scanning & Remediation

Assumptions: The plan has been reviewed by the Plan Owner within the past 12 months. The Plan Owner has distributed the plan to relevant members of the business unit. The plan is to be activated upon declaration of a business disruption incident or emergency impacting the business unit.

Impacted Areas
The following areas are within the scope of this Business Continuity Plan:

Applications:
- Archer

Facilities:
- Charlotte Headquarters
- Hartford Regional Office
- London (20 OB - Europe HQ) Regional Office

Plan Owner Contact Information


Name (Full): Ronald Meeting
Phone: 17048057332

Plan Reviewer Contact Information


Name (Full): Christine Whitley
Title: Organizational Risk Analyst
Phone: 17048057644

Recovery Team Contacts
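- Andrew Lennon. Phone (Business Direct): 17048057258. Email (Business): [Link]@.COM
- Christine Whitley. Title: Organizational Risk Analyst. Phone (Business Direct): 17048057644. Email (Business): [Link]@.com
- Colm O'Keeffe. Phone (Business Direct): 442072141715. Email (Business): colm.o'[email protected]
- Craig Sabadosa. Phone (Business Direct): 18605092306. Email (Business): [Link]@.COM
- Diane Dalrymple. Title: Director - Organizational Risk / Business Resiliency. Phone (Business Direct): 19804175876. Email (Business): [Link]@.COM
- Hetal Patel. Phone (Business Direct): 442072141891. Email (Business): [Link]@.com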

Recovery Strategies
Recovery Strategy Name: Remote Working
Estimated Duration (mins): 5
Strategy Description: In the event of a denial of access incident at an office location, associates with remote working capabilities will be required to work remotely for the duration of the incident.
Remote working IT infrastructure is housed in the firm's Production and DR data centers, which are remote from all office locations. This separation ensures the Remote Working infrastructure will be available for any denial of access incident or event impacting any office location. The Remote Working infrastructure has been scaled to support large volumes of associates working remotely on a concurrent basis. Previous tests have confirmed that critical processes and activities can be maintained when associates work remotely.

Recovery Task: RT-960509


Estimated Duration (mins): 5
Performed By (Roles and Responsibilities):
Task Overview: Details steps required to access IT environment when working remotely.

Recovery Task Script

Response
1. Ensure RSA token is available to key associates that are required to work remotely.
Action
2. Log in to the network via GlobalProtect (if using a corporate device), RemotePC, or the Citrix Gateway at [Link]
- Link to Citrix Applications: [Link]
- Link to BAM Citrix Applications: [Link]
- Link to Web applications: [Link]
NOTE: Utilizing RemotePC software is dependent on the office PC being powered on. In the event of a power outage incident, RemotePC may not be available. In this instance, associates will need to utilize a different remote access method to connect remotely to the network.

Recovery Strategy Name: Transfer of Work
Estimated Duration (mins): 0
Strategy Description: In the event of a disruptive incident or emergency, critical processing activities will be transferred (where applicable) to associates based at an alternate office location.

Recovery Task: RT-969730


Estimated Duration (mins):
Performed By (Roles and Responsibilities):
Task Overview: Transfer of Work Invocation

Recovery Task Script

Escalation
1. During initial phases of the incident, contact associates in the alternate office location and place them on standby for invocation of Transfer of Work.
Communication/Response/Action
2. Invoke Transfer of Work.
3. Communicate to senior management team that a Transfer of Work plan has been invoked.
4. Consider communications that may be required with external parties (e.g. clients, service providers).
5. At the end of the incident, arrange a handover meeting with the agreed Transfer of Work location to confirm any activities that remain outstanding.
6. Communicate to senior management and third parties (if applicable) that Transfer of Work Invocation is over.

Recovery Strategy Name: Work Area Recovery Site


Estimated Duration (mins): 120
Strategy Description: Nominated associates transfer to the office's Work Area Recovery Site (if available). This strategy is activated when an incident or disruptive event results in an office closure. Associates who are required to work from the Work Area Recovery Site will be notified by their Plan Leader or the Head of Business Resiliency.

Recovery Task: RT-2526707


Estimated Duration (mins): 120
Performed By (Roles and Responsibilities):
Task Overview: Work Area Recovery Site Invocation Process.

Recovery Task Script

- Work Area Recovery Site will be invoked by a member of the Business Resiliency Team.
- IT Desktop support staff will be on site at the Work Area Recovery Site to assist associates working from the site.
- Associates arrive at the Work Area Recovery Site, log on at their allocated desk position and undertake critical processing activities.

Recovery Strategy Name: Cyber Security Incident - Response


Estimated Duration (mins): 5
Strategy Description: Response to a cyber incident (e.g. ransomware or Denial of Service attack involving network intrusion or data loss).

Recovery Task: RT-960483


Estimated Duration (mins): 5
Performed By (Roles and Responsibilities):
Task Overview: Cyber Incident Response Tasks.

Recovery Task Script

Escalation
1. Any associate who encounters a suspected cyber incident should immediately notify Information Security Team via email [email protected] or by dialing 011 44 7595 909171.
Communication
2. Report the Incident via the Service Now "portal" (if available).
3. Call the Network Security Team hotline at 413-226-1940 to report the incident.
Response
4. The Information Security Team and/or the Network Security Team will activate the relevant Cyber Incident Response Plan.
Action
5. Associates should refrain from using the corporate network and inform co-workers about the incident.
6. Await further instructions/communications issued from the Information Security team.
Note
If corporate email has been compromised by the Cyber Incident, Everbridge will be used for communicating updates throughout the incident. Contact Colm O'Keeffe if you are unfamiliar with using Everbridge.

Recovery Strategy Name: Technology Outage - Response


Estimated Duration (mins): 3
Strategy Description: Response to a technology outage (e.g. disruption to networks, communications, IT hardware or software).

Recovery Task: RT-960510


Estimated Duration (mins): 1
Performed By (Roles and Responsibilities):
Task Overview: Office Telephony Outage.

Recovery Task Script

Escalation/Communication
1. Report the outage immediately via the "Service Now" portal, ensuring the issue status is set to High.
Response
2. IT Service Delivery Teams will investigate the Outage and if necessary invoke the relevant IT Technical Recovery Plan/s.
Action
3. Associates should utilize Cell Phones and/or email until telephony services have been restored.

Recovery Task: RT-960516


Estimated Duration (mins): 1
Performed By (Roles and Responsibilities):
Task Overview: Steps to take in the event of an Application, Server, or Technology Solution Outage.

Recovery Task Script

Escalation/Communication
1. Report the outage immediately via the "Service Now" portal, ensuring the issue status is set to High.
Response
2. IT Service Delivery Teams will investigate the Outage and if necessary invoke IT Technical Recovery Plans.
3. The Recovery Time Objective will be dependent on the criticality of the Application, Server, or Technology Solution.
Action
4. Associates remain on standby undertaking any manual workarounds, if applicable. In some instances the only solution is to wait for restoration by the IT Service Delivery teams.

Recovery Task: RT-960534


Estimated Duration (mins): 1
Performed By (Roles and Responsibilities):
Task Overview: Recovery steps to take in the event of a Network/Telecommunications Outage.

Recovery Task Script

Escalation/Response
1. Network & Telecommunications infrastructure is monitored 24/7 by IT Service Delivery teams to ensure any service outage is responded to immediately.
2. Associates should report any Network/Telecommunications Outage via the "Service Now" portal (if available) or in person if Service Now is not available.
Action
3. Associates are encouraged to continue with manual processing where possible until the network/telecommunications outage has been resolved.
Communication
4. Situation updates will be provided via the "Service Now" portal (if available) or via Everbridge notifications.
Note
Network and Telecommunications infrastructure has been designed in a resilient configuration. Single points of failure have been designed out with auto failovers in place in order to re-route Network traffic in the event of disruption. Network hardware is housed in both Data Centers and NER rooms with UPS support.

Application Requirements
Requirement Name: Information Security-Additional Applications
Requirement Description: In addition to the applications selected on the targets tab, this BU requires the following applications:
- Secunia
- Qualys
- Proofpoint
- Sailpoint
Application Name:
Application Description:
Application Owner:

Business Unit Requirements


Requirement Name: Information Security-Additional Business Units.
Requirement Description: In addition this BU relies on the following Business Units: Technology Solutions

Third Party Requirements


Requirement Name: Information Security-Additional Third Parties.
Requirement Description: In addition to the third parties selected in the target tab, this BU requires the additional third parties:
- Qualys
- Secunia
Third Party Name:
Third Party Description:
Third Party Contact:

Upstream BC/DR Plans

Plan Name: Infrastructure (Telecommunications/Network)
Purpose: Disaster Recovery plan detailing the recovery requirements and recovery strategies used by the Infrastructure Network team in the event of a business disruption or emergency.

Plan Name: Global Legal (Includes Real Estate, Fixed Income, Private Finance & Alternatives)
Purpose: The Business Resiliency Plan for Global Legal represents the results of the various Business Impact Analysis interviews conducted with the following business areas that perform Legal services for the firm.
- Real Estate: RE Legal works with RE Investment teams to assist with purchases, financing, tenants, leasing strategy, and sales support.
- Fixed Income - Review trade-related documents (credit agreements, bond indentures, term sheets) involving FI assets. Provide legal oversight and assistance.
- BMC Legal - the legal staff based in Plano primarily support corporate issues and regulatory filings.
The plan details the recovery requirements and recovery strategies used by the Global Legal business unit in the event of a business interruption incident or emergency.

Plan Name: Risk Management
Purpose: The Risk Management plan provides information about the Risk Management team including:
- A functional description and recovery information
- Applications needed by the team
- Significant third parties relied upon by the team

Plan Name: Compliance
Purpose: Business Resiliency plan to be used as a reference regarding the recovery requirements and recovery strategies used by the Compliance business unit in the event of a business disruption for an extended period of time.

Downstream BC/DR Plans


Plan Name:
Plan Owner:
Purpose:
RTO (Hours):
