Business Resilience Disclosure
AIG is committed to ensuring the smooth and continuous delivery of service to our customers and clients while at the same time protecting the health and wellbeing of our employees and partners. AIG maintains a comprehensive business resiliency program to respond to business disruptions of varying size and scope; the program is one of many core components of our corporate governance structure. Our program and policies are based on global industry standards and address planning for the business continuity of operations, disaster recovery of technology infrastructure and event management, including incident response and crisis management before, during and after possible disruptions.
AIG’s policies are supported by detailed standards which include requirements for program governance, impact assessments, plan/strategy development, testing and exercising, training and awareness and management reporting. The organization’s Business Resiliency policies and standards are reviewed at least annually and updated based on changes in AIG’s strategic operating model, in regulatory requirements and/or business needs.
AIG regularly reviews and exercises its business resiliency plans and strategies according to our policies and standards. The review and exercise program is multi-dimensional and is designed to validate the effectiveness of our business continuity, disaster recovery and incident response plans during both short and long term business disruptions. The program includes a variety of approaches: notification tests to personnel; incident management team exercises; scenario-based table-top discussions; alternate recovery site testing; and disaster recovery testing of critical technology and applications.
AIG utilizes incident management teams at the local, regional, national and global levels to respond in real-time to actual or perceived threats to the organization’s people, facilities, data or reputation. These teams consist of appropriate stakeholders from across the organization’s business units and support functions. Monitoring of potential or actual disruptions is supported by the organization’s Global Security Operations Center, Cyber Defence Center, and Global IT Command Center, all of which operate 24-7/365.
As part of our Business Resiliency Program, in conjunction with the AIG’s Chief Medical Officer, Human Resources, and Corporate Function Departments, AIG maintains an Infectious Disease Preparedness plan to address planning and response for potential pandemics. AIG can invoke these procedures based on pandemic warnings from the World Health Organization, the U.S. Centers for Disease Control and Prevention, and/or other official local governance bodies.
For security reasons, it is AIG’s policy to keep its Business Resiliency Program plans confidential; we therefore do not provide specific details in this notice. We will update this notice as necessary should any material changes occur to the above information. For more information, please contact Resiliency@AIG.com.
Last Updated: May 13, 2020
Notice: The information contained herein is for informational purposes only, and no warranty of any kind is intended with respect to the practices described. Provision of this information is not a commitment (contractual or otherwise) to the recipient or viewer that the practices described in the attached materials will continue to be maintained.