Fillable Printable Global Business Continuity Planning
Fillable Printable Global Business Continuity Planning
Global Business Continuity Planning
1
Global Business Continuity Planning
THE GOLDMAN SACHS BUSINESS CONTINUITY PROGRAM FOR DISASTER RECOVERY:
OVERVIEW
Business continuity for disaster recovery is a high priority for Goldman Sachs, its subsidiaries
and
affiliates.
Our goal is to ensure our continued ability to serve our clients and to protect their assets and the
people and assets of our firm. Our Business Continuity Program has been developed to provide
reasonable assurance of business continuity in the event there are disruptions of normal operations at the
firm’s critical facilities.
The firm has established a global, structured approach designed to ensure that the firm is prepared
should a business disruption occur. This approach addresses business disruptions of varying scope,
including, but not limited to: Goldman Sachs-only business disruptions, medium scale and large scale
events involving the disruption of business, systems processing, and displaced personnel or a significant
reduction in our workforce due to illness, injury or death. Our plans include leveraging our global
resources and infrastructure through relocating impacted business units to designated and tested
business recovery sites, as well as using critical data and applications which are replicated between
geographically dispersed data centers. For example, if a local storm were to render one or more of our
business units inoperable, we could perform critical functions at another Goldman Sachs office with
minimal disruption, and if a problem occurred in one of our data centers, effectively shutting down our
servers, we could carry on processing from another Goldman Sachs data center with minimal loss of
data.
As part of our regular maintenance, we periodically test systems and processing failover to business
recovery sites. Our plans also consider the potential need for our business operations to be supported by
staff operating from non-Goldman Sachs locations, including their homes, should an incident occur which
requires personnel to be dispersed. Potential scenarios include a biological, chemical or pandemic
“event” in or near a location in which the firm does business.
No contingency plan can be failsafe or provide absolute assurance that an interruption in business will not
occur or that negative consequences will not ensue from a crisis or event. Because natural and other
disruptions — even if anticipated — generally are unpredictable and can change over time, no plan when
originally designed or even if later modified can anticipate every contingency or need. That said, Goldman
Sachs is committed to ensuring that its program is comprehensive and up-to-date, particularly as new
information, techniques, and technologies become available. We may alter, add to, or eliminate specific
aspects of the program as we judge appropriate for the protection of all concerned. We will keep both our
clients and our own community informed of pertinent changes.
The Goldman Sachs Business Continuity Program
We have a dedicated team of professionals responsible for training and education; for creating and
maintaining the program; and for implementing, managing, and monitoring the firm’s preparedness. The
program, which was developed with the assistance of this team, is comprised of five key elements: Crisis
Management, Business Recovery, Systems and Data Recovery, People Recovery Facilities, and Process
Improvement.
1. Crisis Management: Coordination, Communication, and Training
Crisis Management encompasses the communication processes and response procedures by which
the firm manages a business disruption, as well as the tools, training, and exercises we use to help
prepare the firm and our people for possible disruptions. Because the first two hours following a
2
disruption are often the most critical, the firm has established a multi-pronged, rapid response
capability that includes:
Formal Command Centers in every region of the firm’s worldwide operations. The Command
Centers allow the firm to monitor its environment, execute preestablished crisis management
procedures, and coordinate responses.
Crisis Management teams identified and trained to support the assessment, escalation, and
decision making processes in a business disruption.
Communication plans with local authorities and regulators to facilitate information flow and
coordination of responses.
Processes and communication tools, including some automated tools, to notify key senior
managers and personnel quickly at the onset of a disruption.
Crisis Response Guidelines distributed to each employee, including senior management, and
Crisis Handbooks or playbooks for our most senior managers.
The firm’s Crisis Management responses are periodically rehearsed. The firm carries out both
desktop drills and live exercises that reinforce these arrangements and allow the firm to study and
improve its program and processes.
2. Business Recovery
Business Recovery focuses on protecting client assets and assuring that the firm is able to continue
business operations in the event of a business disruption.
Central to the firm’s business recovery efforts is a requirement that each Goldman Sachs business
unit develop, test, and maintain recovery plans for each of its core functions. As part of these plans,
each business unit identifies critical risks and puts in place the appropriate level of business controls
and functionality necessary to mitigate those risks. The resultant plans document the functional
requirements — equipment, applications, vital records and regulatory reports, relocation sites, and
recovery teams and tasks — needed to reestablish essential business operations. The plans also
assess the impact of a business disruption on the firm’s business constituents, banks, and
counterparties.
3. Systems and Data Recovery
Systems and Data Recovery focuses on restoring the firm’s core infrastructure, including networking,
applications, market-data feeds, and other shared technologies to ensure the continuation of critical
business systems processing. Applications are prioritized based on their criticality to the business.
Recovery requirements and the frequency of application testing are then established based on those
priorities.
Wherever practicable, Goldman Sachs separates the people conducting business from the
technology infrastructure supporting the business, housing them in separate buildings, thus reducing
the likelihood of simultaneous personnel and systems disruptions. Buildings are prioritized based on
their criticality to the business and backup generators are used to protect the most critical facilities.
In addition, offsite data centers have been established away from our primary facilities to support
recovery of critical systems and data. Critical data is backed up to alternate locations on a regular
basis.
3
4. People Recovery Facilities
People Recovery Facilities focuses on ensuring that our people can quickly get back to productive
work when their physical facilities are not operating or are not accessible.
People Relocation Sites — redundant work environments — have been established for critical
business units. These People Relocation Sites, available in all regions, are outfitted with
the
equipment
and functional capabilities required to carry on business in emergency situations. The
Relocation Sites are continually maintained to ensure operational readiness and are tested regularly.
As a further safeguard, depending on the kind and extent of the disruption, many critical functions can
be shifted to other principal offices of Goldman Sachs, including offices around the world.
Additionally, the firm is able to support critical functions by enabling designated staff to work from
their homes, or from other non-Goldman Sachs locations through secure remote access connections.
5. Process Improvement: Continual Assessment and Testing
Process Improvement assesses and tests our state of readiness for foreseeable business disruptions,
including:
Ongoing testing of plans.
Continually reassessing risk — including operational and financial risks — and integrating new
risk scenarios into the program.
Updating business requirements and integrating them into the program.
Introducing new strategies and technologies as they become available.
Undertaking periodic review and refinement of the program.
Client Communications and Questions
This document provides an overview of the firm’s Business Continuity Program. If you have additional
questions, please contact your Goldman Sachs representative. Please bear in mind that we will not
respond to specific questions about the program that could compromise our security.
Pertinent updates to this Overview will be available on the Goldman Sachs Web site (http://www.gs.com).
This Overview can also be obtained via mail by contacting your Goldman Sachs representative.
In the Event of a Business Disruption
Should there be a significant business disruption, clients are encouraged to visit the Goldman Sachs Web
site (http://www.gs.com) for additional information.
This Overview is designed to satisfy disclosure requirements under FINRA Rule 4370 requiring the
creation and maintenance of a Business Continuity Plan.
Last Certified: January 1, 2015