BlackRock is committed to providing high-quality, resilient services to its clients. Significant resources and effort are dedicated to the Business Continuity Management (BCM) and technology Disaster Recovery (DR) programs to ensure we meet or exceed legal and regulatory obligations in the locations we operate.
BlackRock maintains business continuity and crisis response plans to facilitate the continuity of business in the event of a business disruption. BlackRock’s executive management provides oversight and governance to the firm’s BCM program, supported by the Business Continuity Management team, which manages the program.
BlackRock maintains disaster recovery plans and procedures to enable a rapid response to an event impacting its technology and data. Redundancy is the focal point of BlackRock’s DR program. Each data center is served by physically diverse circuits, a secondary network, and alternate power sources. Primary and secondary data centers are appropriately distanced, mitigating the impact of a regional event. Applications are maintained in both the primary and secondary data centers while data is replicated in near real time. BlackRock’s Technology and Risk Management executives provide oversight and governance to the DR program, which is managed by the Disaster Recovery Management team.
BlackRock’s BCM/DR programs have several key elements, including:
BlackRock performs annual Site Risk Assessments for offices worldwide. The results of the assessment are used to drive risk mitigation activities, including enhanced site resilience, business continuity planning, and the deployment of additional recovery strategies where appropriate.
Additionally, a comprehensive weekly Risk Outlook is created that identifies potential threats to BlackRock staff and/or offices worldwide. Threats are reviewed, escalated, and managed by senior-level staff, and disseminated broadly for awareness and action as appropriate.
There are three main areas of focus that comprise the BCM/DR planning that BlackRock performs:
BlackRock’s Crisis Management program provides a global framework for responding to disruptive events, including:
BlackRock uses several methods to keep employees aware of the critical role they play in preparing for and responding to potential business disruptions. Methods used include:
BlackRock exercises its BCPs to verify the procedures for recovering business operations are appropriate, and that key personnel are familiar with documented procedures. Each year, several exercises are performed:
BCM exercise results are documented and reviewed with all involved participants following each exercise. Recommendations for improvements to the recovery process are identified, risk-rated, and any corrective actions clearly defined and assigned to the appropriate personnel.
BlackRock conducts an annual Disaster Recovery test for each of its production data centers. During the test, the data center is isolated from the BlackRock network to simulate a total loss of the facility. Applications are failed over to secondary data centers within the stated Recovery Time Objective (RTO) and the functionality is validated by qualified testers.
Following each DR test, the Recovery Manager provides a recap to Corporate Services, Technology and Risk Management executives. The recap includes an overview of the recovery times, a pass/fail assessment of all applications and a plan to remediate any issues discovered during the testing life cycle.
One of the key components of the BCM planning process is our supplier management framework, which includes periodic reviews of the business continuity programs for key service providers. Risk assessments are used to determine the criticality of each service provider. For the most critical service providers, BlackRock conducts targeted reviews and evaluations of BCM plans and, where appropriate, on-site visits.
Last Updated May 2017