Symetra Financial Corporation - Business Continuity / IT Resilience / Disaster Recovery Statement
Symetra Financial Corporation and its subsidiaries (Symetra) is committed to reducing the risks and impacts engendered by a potential disruption through the continuing support of our Business Continuity Management (BCM) program.
Symetra has developed a Business Continuity Management (BCM) program that encompasses four major components: Crisis and Incident Management, Emergency Preparedness and Response, Business Continuity Planning and IT Resilience (Disaster Recovery). Each of these components consists of dedicated plans, procedures, and communication paths.
The Symetra Business Continuity and IT Resilience plans were developed, and are maintained, with senior management oversight and approval for the methodology, processes and procedures necessary to protect our employees, to continue or resume business during a major event, and to restore access to information and services for our customers and producers. The plans were developed using the guidelines for best practices from respected sources such as the Disaster Recovery Institute International (DRII), OSHA, FEMA and other recognized organizations for business continuity and disaster recovery. Senior management formally reviews and approves the Symetra plans on an annual basis.
BCM Program Overview:
Crisis and Incident Management
The Crisis Management Team (CMT) acts as the central communication and decision-making hub for the organization in the event of a major disaster that impacts business operations. The CMT is comprised of executive management and business leaders from across the organization, and provides strategy and resources as required to recover critical business processes or IT systems in a timely and efficient manner during a disaster or major incident.
Emergency Preparedness and Response
Symetra understands the importance of sustainability and strives to make conscience business decisions that protect the health, safety and well-being of our employees, contractors, visitors, customers, partners and those in the communities in which we operate.
Our Emergency Response Plans integrate into our overall BCM program and address life safety issues such as medical emergencies, shelter in place, and emergency evacuations.
In the event of a building emergency, Symetra Workplace Services works in conjunction with Property Management resources and Symetra CMT to mitigate issues within the workplace environment. Life safety processes and procedures exist to protect employees and guests located at our facility during an emergency. In alignment with local building code and property management requirements, Symetra sites may perform evacuation drills.
Business Continuity Planning
Symetra’s Business Continuity Planning focuses on plans for each business unit. The Business Continuity Plans cover emergency response, notification, and work-around procedures for the loss of internal or external dependencies to critical business processes. Business Continuity Plans are exercised through a variety of scenarios on an annual basis.
Business processes are ranked by priority. Business units are required to annually participate in a Business Impact Analysis (BIA) to determine and identify the risks and impacts of an outage or interruption of a business process to the company as a whole. The BIA approach results in the evaluation of objective criteria based on a standardized set of questions. This is the method used to determine the Recovery Time Objective (RTO) of each business process and internal / external dependencies.
Symetra hosts a workplace environment that offers flexibility to employees working in and out of the office by providing laptops, VPN access and wireless network capabilities.
The Symetra Business Continuity plans are derived from the results of a risk-based analysis, strategies, and mitigations and contain the following key components:
- Predetermined processes for escalation and activation for any and all parts of the plan by the event response team which consists of management with defined levels of responsibility to act on behalf of Symetra;
- Internal and external communication processes and procedures for customers, producers, other external parties, and employees regardless of their physical location within the United States;
- Critical and/or time sensitive business functions are identified in the plan along with the resources that those functions require to be successfully recovered;
- Continuation of work capabilities while working from home via layers of redundancy in critical roles including employees in multiple locations and multiple personnel that can perform critical functions; and
- Testing of the business continuity plans are conducted on an annual schedule basis using multiple environments (i.e., scenario based, alternate locations).
Third-Party Vendor Continuity Monitoring
In alignment with regulatory influences, Symetra vendor management teams have established monitoring of critical third-party service providers to assess Business Continuity and IT Disaster Recovery program levels.
Pandemic Response and Continuity
Symetra has a Pandemic Response and Continuity plan developed based on the ongoing response to the global pandemic. This plan is based on World Health Organization, US Centers for Disease Control and regulatory influences to guide Symetra’s response activities and provide continued operation of services through the pandemic.
Symetra’s IT resiliency utilizes a variety of solutions to provide availability and recoverability of our systems and data that align to business criticality. These solutions protect the business and are designed to reduce the impact of a disruption to our customers and partners, while protecting reputation and sustainability. The IT recovery plan specifies the resources and activities required to re-establish information technology services (including components such as data centers, networks, servers, applications and data) at an alternate site following a disruption. The level of resiliency is defined through business-driven risk decisions intended to align with the organizational risk appetite. In the event of a catastrophic outage at our primary data center, Symetra would activate its secondary (recovery) site. Our cloud-based systems are designed and backed up utilizing native cloud-based resilience and multiple backup instances. Data centers reside in enterprise class data centers in the United States.
Data Centers used by Symetra’s production environments are in hardened facilities that meet or exceed industry standard protective measures for power, cooling, physical security, cyber-security, interconnectivity, and natural or man-made hazard mitigation.
- IT Recovery planning is performed at multiple levels from site level recovery plan including the infrastructure for network, access management and security to Application-level plans with procedures to recover the application, validate functionality and synchronize the data.
- Data protection backups are performed on a routine schedule that aligns to the Recovery Point Objective. In alignment with best practice, multiple copies of the backups are stored in different secured locations for local restore or disaster recovery. Backup processes have security protocols to protect customer information during creation, transport and storage.
- IT Recovery exercises are performed annually in accordance with the policy. Exercises are designed to validate the recovery procedures and capability to meet the Recovery Time Objective and Recovery Point Objectives. Gaps identified in the exercise are tracked through to adjustment of the plan document or operational changes to address the item.
Confidentiality of BCM program materials
Due to the confidentiality of the information contained within our Plans (Crisis and Incident Management, Emergency Preparedness and Response, Business Continuity and IT Resilience, Pandemic Response and Continuity), it is our policy not to share copies to outside parties. However, we would be happy to respond to specific inquiries you may have or host a visit to our corporate headquarters in Bellevue, Washington, to discuss.
For additional information on Symetra’s Business Continuity Management (BCM) Program please Email Us.
Rev. February 8, 2022
Document available for current or prospective clients and partners.
Symetra® is a registered service mark of Symetra Life Insurance Company.