Page 52 - OctDefComp

12. Responsiveness to cybersecurity incidents or breaches

          Empower has not experienced a security breach of our internal systems or unauthorized access to client data. All security
          breach notifications are coordinated through the Empower legal department in accordance with applicable contracts
          and state and federal law requirements. Empower would notify our plan sponsors of a data breach in accordance with
          regulatory requirements.

          Best security practices include

          DOL cybersecurity best practices          Empower protocols
          ----------------------------------------  ------------------------------------------------------------------
          Informing law enforcement                 All response activities are coordinated with internal and external
                                                    stakeholders and external support from law enforcement agencies
                                                    as applicable.

          Notifying the appropriate insurer         Notifications for our contracted insurance policies pertaining to
                                                    recordkeeping services are overseen and facilitated by the Empower
                                                    Legal Department.

          Investigating the incident                Empower has a computer security incident response team (CSIRT)
                                                    and response procedure to investigate known or suspected security
                                                    breaches within our computing environment. The incident response
                                                    procedure includes steps to research, respond, manage and report
                                                    suspected security breaches to help ensure business continuity.

          Giving affected plans and participants    Empower protection and prevention brochures are available and
          the information necessary to prevent/     widely distributed to our client community for safeguards and tips for
          reduce injury                             avoiding malicious threats, vulnerabilities and fraud scams.

          Honoring any contractual or legal         All security breach notifications are coordinated through the Empower
          obligations with respect to the breach,   legal department in accordance with applicable contracts and state
          including complying with agreed upon      and federal law requirements.
          notification requirements

          Fixing the problems that caused the       We review and revise incident response plans on an annual basis;
          breach to prevent its recurrence          revisions incorporate lessons learned from exercises and previous
                                                    incident detection and response activities.



             Empower’s 67,000 plan sponsors and their 12 million participants¹ trust us with their assets and identities,
             and that is not a responsibility we take lightly. We safeguard the world’s largest financial, technology, defense
             contractors, healthcare, government, franchise, education, airlines and non-profit organizations’ retirement
             assets. A partnership with Empower is built on a foundation of trust — the security of plan and participant
             information is critical to the success of our business. That’s why, in addition to extensive security measures,
             our Empower Retirement Security Guarantee affirms our promise to restore account losses resulting
             from unauthorized transactions that occur through no fault of the participant. Information regarding the
             Empower Retirement Security Guarantee appears on the participant website so participants are aware of the
             commitment and how it works.

                                 FOR FINANCIAL PROFESSIONAL AND PLAN SPONSOR USE ONLY.