Our approach to business resiliency is designed to allow us to deliver on the Travelers Promise to take care of our customers, communities and employees in the face of unexpected disruptions. The Travelers Business Resiliency Program is our internal ecosystem focused on the goal of ensuring that we can operate consistently for our employees, agents and customers despite crises and operational disruptions and, accordingly, continue to deliver for our shareholders. Our Business Resiliency Program takes a holistic, three-pronged approach that encompasses business continuity, disaster recovery and crisis management. With support from senior management and with oversight by the Risk Committee of our Board of Directors, our program focuses on both preventive measures (including technology availability design, facility resilience and training/awareness programs) and response preparation (including business contingency planning, technology restoration and crisis management/emergency response).
The Travelers Business Resiliency Risk Committee, composed of members of our executive team, oversees the implementation of our Business Resiliency Program and, along with our management-level Enterprise Risk Committee, is charged with reviewing and approving mission- and business-critical processes, identifying risks to business resiliency and facilitating decisions to accept, mitigate or remediate these risks.
Pursuant to its charter, the Risk Committee of our Board of Directors oversees “the strategies, processes and controls pertaining to business continuity and executive crisis management for the Company and its business operations.” In exercising its oversight, the Risk Committee of our Board meets annually with members of the Business Resiliency Risk Committee and the Enterprise Risk Committee to review the company’s business continuity, disaster recovery and crisis management efforts. Among other things, the Risk Committee reviews the enterprise event response protocols, discusses how those protocols would be (and were) triggered for events ranging from catastrophes to local shootings to bomb threats and evaluates lessons learned from actual events, such as the COVID-19 pandemic. The Risk Committee also receives quarterly reports regarding preventive measures for cyber incidents, including those events affecting suppliers that may impact Travelers. In addition, the Risk Committee is regularly briefed on the steps taken to reduce future risk and improve our threat detection and response processes.
The primary objective of business continuity is to ensure that the company is prepared to respond to, and recover from, an unexpected disruption. This requires a solid understanding of the risks to our operational structure and involves contingency planning and testing of hundreds of business processes across Travelers. We have inventoried our business processes and categorized them according to their criticality and urgency to the company, and we have tailored our resiliency measures accordingly.
Through annual risk reviews, which are facilitated centrally, each business function updates its resiliency plans with respect to key operational aspects. The plans include specific recovery scenarios and detailed workaround plans to be leveraged in the event of a disruption related to technology, facility, workforce or supplier issues. We also conduct validation exercises to test the effectiveness of those plans.
In addition, as a fundamental part of our enterprise supplier management program, we identify supplier risks and mitigating controls, enabling the company to make informed decisions throughout the life cycle of a supplier relationship. Specifically, we assess the business continuity and disaster recovery risk of our suppliers to evaluate their overall business resiliency, recovery capabilities and limitations. And we create contingency plans detailing how the company will continue to operate if a supplier becomes unavailable.
We base our approach to disaster recovery on a model that provides redundant infrastructure, application and platform solutions designed to enable continued operation in the event of a disruption. We review these solutions on a regular basis to ensure that they continue to align with our business strategy. In addition, on an annual basis, we perform disaster recovery testing on all of our mission critical and supporting applications.
We inventory all computing platforms with a detailed plan to move to an alternate site, the specifics of which vary by application design and business criticality. We maintain technology availability standards to help ensure adequate designs are deployed and sufficient procedures are in place and tested to restore infrastructure, applications and data in the event of a disaster.
We perform daily backups of production data from our primary facility to our alternate sites. Critical technology infrastructure is designed with sufficient levels of redundancy to support recovery from local or geographic service disruption events.
Our Crisis Management Operating Model includes two teams: the Operational Response Team (ORT) and the Enterprise Event Response Team (EERT).
Our integrated ORT comes together to manage events, both planned and unplanned, providing a coordinated and facilitated response to situations of all types. The ORT is a group of employees from across the organization, prepared to come together before, during or shortly after an event to ensure that we respond appropriately. The ORT manages corporate security, real estate, technology, cyber, business continuity and environmental health and safety events. This team is activated and engaged regardless of the severity of the event. The ORT also maintains well-documented emergency response procedures and conducts regular training, scenario planning and exercises in anticipation of potential emergency scenarios. Travelers has event-specific playbooks covering protocols for various scenarios, including a pandemic, natural disaster, data center outage and cybersecurity incident. For example, our corporate pandemic plan, which outlines our strategy for maintaining a safe and healthy workplace while continuing to deliver uninterrupted service to our customers and agent and broker partners, was activated when the COVID-19 outbreak began. Roles and responsibilities of team members are clearly defined, enabling an efficient response to a national crisis or a technology, worksite, workforce or supplier event.
The EERT manages catastrophe events, underwriting and exposure, claim response and regulatory events. When escalation is required, the ORT and the EERT engage with the appropriate group of senior executives tasked with overseeing the execution of our crisis management and emergency response plans related to the event.
Travelers Business Resiliency Management in the Face of Pandemics
Despite the extraordinarily challenging circumstances related to COVID-19, we were able to continue to serve our customers and our agent and broker partners seamlessly due to our extensive planning and preparation for unforeseeable circumstances; the commitment, resourcefulness and professionalism of our team; and the tremendous efforts of our Technology and Operations group. Upon initial reports of the emerging coronavirus in January 2020, we activated our Business Continuity, Crisis Management and Disaster Recovery teams to track the outbreak and begin executing our robust business resiliency plans. Although COVID-19 impacts have moderated, we remain prepared to address the ongoing impacts of COVID-19 and any future pandemics (including new variants of COVID-19).