Business Resiliency and Disaster Recovery are fundamental components of Fiserv and its affiliates’ (Fiserv) business operations. Our Business Resiliency and Disaster Recovery programs allow Fiserv to provide continued service to our customers and clients and to respond effectively to a disruptive event which may impact the firm, or interrupt normal operations.
The Enterprise Business Continuity Program is comprised of firm-wide Business Resiliency and Disaster Recovery programs, which provide for Fiserv’s need to recover its business processes and the supporting technology in a timely manner during disruption. This is accomplished by following pre-defined management approved policies, strategies, and procedures. The program allows for the restoration of both technology and business process capabilities within predetermined timeframes.
Fiserv has a dedicated group of business continuity professionals who are responsible for maintaining the program.
Oversight & Governance
Enterprise Business Continuity is managed by a firm-wide Business Continuity Steering Committee with representation from all major business units at Fiserv. Compliance with Enterprise Business Continuity program requirements for all business units are tracked with metrics monitored and escalated on a monthly basis.
The Enterprise Business Continuity program is subject to internal and external audit reviews and regulated by the Federal Banking Agency, which includes five banking regulators – the Federal Reserve Board of Governors, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Consumer Financial Protection Bureau. The program is also subject to the legal and regulatory requirements of other countries in which we operate.
The objectives of Business Resiliency includes the development of recovery strategies in order to minimize loss to Fiserv and its clients, continue to serve our customers, ensure the safety of employees, and minimize negative impacts of events. Each Fiserv business unit is responsible to complete a Business Impact Analysis (BIA) to determine the Recovery Time Objective of the business on an annual basis. The Recovery Time Objective allows Fiserv to prioritize key businesses for recovery during and after any type of incident.
Each business unit is also responsible to develop and maintain Resiliency Plans on an annual basis. Plans can be used independently or together if the incident affects multiple business units. Each plan includes key elements such as life safety, required resources, equipment, applications, recovery strategies including recovery site information and recovery tasks. All plans address high-absenteeism including pandemic and severe weather events.
Business Resiliency Plans are required to be tested on a regular basis to ensure an effective program. Fiserv has a varied testing program including the testing of recovery solutions such as working from another location (move and resume), work from home, and work load transfer. Our test types include tabletop exercises, simulation exercises and full disaster recovery tests. Post exercise reports are created for each event. All testing issues, as well as Business Impact Analysis and Business Resiliency Plan compliance are tracked and metrics are provided to senior management.
Disaster Recovery focuses on restoring the firm’s critical systems and applications used by our internal businesses and external clients. Application recovery is prioritized based on the Recovery Time Objective identified in the Business Impact Analysis. Fiserv maintains Disaster Recovery Procedures for key systems and applications, which provides detailed plans to recover the system or application. These procedures span key personnel, components and applications that are necessary to minimize the impact to vital business processes following a data center outage.
The Disaster Recovery team manages and coordinates recovery activities and rigorous exercises to demonstrate the firm’s ability to recover. Key systems and applications are tested on a regular basis. Follow Up reports are generated and reviewed with all exercise participants and all issues identified are recorded in the firm’s risk management tool and tracked through resolution.
Monthly metrics are used to track all Disaster Recovery requirements, including the maintenance of our plans and testing of our systems and applications. The metrics are socialised to Fiserv’s senior management, which provide a snapshot on the health of the Disaster Recovery Program.