We have an Enterprise Risk Management team, led by the Chief Corporate Risk Officer. The team includes regional Chief Risk Officers that oversee each business unit: clearing houses, exchanges, trade repositories and the data and benchmark services.
We employ a three-lines model to enterprise risk management, a concept endorsed by the Institute of Internal Auditors. This framework helps ensure strong redundancies and preparation.
ICE ensures both the physical and digital security of our markets, clearing houses, data and mortgage software through industry-leading security technology and processes. Our Information Security Department consists of diverse and skilled teams that work to protect confidential data and systems from unauthorized access, misuse, disclosure, destruction, modification or disruption.
We employ the activities, processes and strategies to help evaluate, manage and address these risks, which are described in our 10-K.
ICE ensures the physical and digital security of our markets, clearing houses, data and mortgage services through industry-leading technology and processes. Per policy, core procedures, systems, and operational tasks are duplicable in recovery facilities, exercised at least annually, and documented comprehensively.
Our incident and crisis management program provides a cohesive framework for the communication, resolution, and analysis of incidents to ensure that they are resolved in a planned and controlled manner and normal operations are quickly restored.
The business continuity teams regularly conduct exercises to ensure our processes are ready to be successfully implemented. In addition, all employees are trained annually on our business continuity procedures to ensure readiness and understanding.
Our operations team maintains an incident response program to manage any incident with operational impact - security or otherwise. System resiliency and business continuity management are core tenets of our system design process and redundancies are purpose-built into our applications, network infrastructure and across primary and backup data centers.
Following each acquisition of a new company, its processes are reviewed to ensure incident and crisis management procedures are in place across our entire organization. Board oversight includes quarterly reports to the Risk Committee on technology operations and governance.