Continuity Management Disclosure
In keeping with ING IM's commitment to provide the highest quality of service to its customers, the Company has developed a comprehensive approach to planning for possible disruptions to its critical business operations. ING IM has developed a Continuity Management Program that includes the following five components:
- The Crisis Response Process/Incident Management Plan addresses various crisis situations (i.e. electrical power outage, fire, bomb threat, pandemics, inclement weather etc.). The plan includes crisis response teams to respond and implement an appropriate course of action in the event of a business disruption. The plan includes procedures for managing an incident, information for employees to follow related to building evacuations and shelter-in-place procedures, dedicated off-site recovery locations and employee updates via an Emergency Crisis Status Line.
- Departmental Business Continuity Plans address business unit actions to be undertaken in a disaster scenario. A risk assessment of each core business process is performed to identify failure scenarios with risk of occurrence in order to determine recovery tolerance for each core process. Documentation of how, by whom, and where critical processes will be resumed are included. Employees have a variety of options, as agreed with their management, for off-site work locations including other ING IM sites, third party service recovery sites and work from home strategies.
- The Crisis Communication Plan addresses the communication roles across ING IM business units and the types of messages communicated to ING IM employees, customers and media in the event of a significant business disruption.
- The Disaster Recovery Plan is the Information Technology Plan addressing the recovery of systems and data. ING IM has an extensive approach to safeguarding system files and documents. The Company's systems and data are protected through a combination of data replication, journaling, vaulting, mirroring and tape backup stored off-site. Based on system criticality, applications and data are stored on Storage Area Networks (SAN's) which replicate data to alternate data centers maintained by ING. The Firm also maintains documented Disaster Recovery Plans for all critical systems and utilizes a third-party vendor for off-site document storage. Information Technology also provides robust work from home capability through the use of laptop computers via secured Virtual Private Network (VPN) and Citrix for ING IM employees with critical job functions.
- The final component of ING IM's Continuity Management Program is the Test and Maintenance Plan, describing ING IM's long term test strategy. This strategy consists of scalable and incremental tests of the aforementioned Crisis Management Organization, Crisis Communication Plan, Business Continuity Plans and Disaster Recovery Plans. Annual tests include communication exercises, desktop/walkthrough testing of Business Continuity Plans and tests of critical application disaster recovery capabilities.
ING Investment Management (ING IM) is committed to providing seamless, high quality service to our clients at all times. To address pandemics, ING IM's Crisis Management Organization has assembled a Pandemic Team consistent with the firm's standard operating procedure as part of our documented Crisis Management Plan. The Pandemic Team consists of senior leaders representing key area of the firm that include: Human Resources, Communications, Compliance, Client Services, Information Technology, Facilities, Risk Management, Operations, Equity Investments, Fixed Income Investments and Proprietary Investments.
During the H1N1 2009/2010 pandemic, the team was convened regularly to update and adjust plans in accordance with breaking news, CDC guidelines and industry best practices. Standing topics discussed included social distances strategies, employee and client communications, business continuity strategies, employee safety and precautions, and business travel.
ING IM continues to refine its Continuity Management Program through ongoing evaluation and assessment of risks related to changing business conditions, local and regional events, the national security level and other factors that may influence the safety of employees and the ability to conduct business and meet customer obligations.