Enterprise Resilience Disclosure
AIG is committed to ensuring the smooth and continuous delivery of service to our customers and clients while at the same time protecting the health and wellbeing of our employees and partners. AIG maintains a comprehensive enterprise resiliency program designed to respond to business disruptions of varying size and scope; the program is one of many core components of our corporate governance structure. AIG’s enterprise resilience program related policies are based on global industry standards and address planning for the business continuity of operations, disaster recovery of technology infrastructure and event management, as well as active monitoring, detection and triage for potential or actual operational disruptions.
AIG’s policies are supported by detailed standards, where applicable, which include requirements for program governance, impact assessments, plan/strategy development, testing and exercising, training and awareness, and management reporting. AIG’s Enterprise Resiliency policies and standards are reviewed at least annually and updated based on changes in AIG’s strategic operating model, regulatory or legal requirements and/or business needs.
AIG regularly reviews and exercises its enterprise resiliency plans and strategies in accordance with our policies and standards. The review and exercise program are multi-dimensional and are designed to validate the effectiveness of and to continue to improve AIG’s business continuity, disaster recovery and incident management plans during both short and long-term business disruptions. Examples of program reviews and exercises include notification tests to personnel; incident management team exercises; scenario-based table-top discussions; alternate recovery site testing; and disaster recovery testing of critical applications and supporting infrastructure.
AIG’s approach to enterprise resiliency leverages incident management teams at the local, regional, national and global levels who are able to respond in real-time to actual or perceived threats to the AIG’s people, facilities, data and/or reputation in coordination with other key business unit and corporate function stakeholders. For example, 24/7/365 monitoring of potential or actual disruptions is supported by AIG’s Global Security Operations Center, Global Cyber Defense Center, and Global IT Command Center.
As part of our Enterprise Resiliency Program, in conjunction with Human Resources, and Corporate Function Departments, AIG maintains an Infectious Disease Preparedness plan to address planning and response for potential pandemics such as COVID-19. AIG can invoke these procedures based on pandemic warnings from the World Health Organization, the U.S. Centers for Disease Control and Prevention, and/or other official local governance bodies.
For security reasons, AIG maintains the confidentiality of its Enterprise Resiliency Program plans; we, therefore, do not provide specific details in this notice. We may update this notice at any time and as necessary should any material changes occur to the above information. For more information, please contact Resiliency@AIG.com.
Last Updated: November 28, 2022
Notice: The information contained herein is for informational purposes only, and no warranty of any kind is intended with respect to the practices described. Provision of this information is not a commitment (contractual or otherwise) to the recipient or viewer that the practices described in the attached materials will continue to be maintained.