We have established a management group or committee to oversee the development and/or maintenance of the Readiness Program.

Our Board of Directors (or other appropriate oversight group) reviews and approves the company-wide Readiness Program and its procedures on an annual basis.

We have identified employees with dedicated Readiness planning responsibilities and assigned them to the program.

We have established a budget for our Readiness Program.

We have conducted a risk assessment that categorizes potential threats (both internal and external), as well as related impacts, on all critical facilities for both information technology and operational business units.

Our operational business units have identified the maximum tolerable time to recover critical business functions.

We have developed and funded business recovery strategies for the resumption of critical business processes and support services (i.e. systems, telecommunications, etc.).

Information technology recovery procedures have been established to accommodate the priorities and requirements mandated by the operational business units.

We have implemented a process to keep management aware of Readiness issues that exist at any point in time with our plans to recover business unit operations and technology. We have performed a gap analysis to identify the differences between the technical recovery requirements of the business units and the current recovery capacity and abilities of information technology.

It has been tested and confirmed that there is no chance that data could be irretrievably lost if a business disruption occurred between the last data backup process and the time of a business disruption.

Our business functions have created manual workaround procedures to perform critical business in the absence of technology.

Our recovery procedures for information technology and critical operational business units are tested on at least an annual basis.

Results of periodic Readiness exercises and tests are reported to senior management and the Board of Directors (or other appropriate oversight groups).

Readiness education and awareness programs exist to ensure that employees are trained to execute the Readiness procedures if required.

Building evacuation procedures have been developed and communicated with all employees.

Procedures to respond to emergency situations have been developed and communicated with employees.

Emergency response teams have been formed and trained to carry out procedures and respond to emergency situations.

A crisis management team has been formed to manage incidents and recovery of operations.

Regulators of our industry, consultants and auditors are satisfied with our organization’s Readiness planning efforts.

In the event of a significant business disruption, we feel certain that the critical components of our organization would be back in business within 3 business days.