Security Risk Management Protecting Aon’s People, Property, and Information American Red Cross 2013 Disaster Preparedness Summit Capability Planning Information Security Client & Supplier Security Corporate Security & Safety Programs Risk & Compliance Business Continuity Management Information Governance Global Emergency Operations Center August 2013


Security Risk Management: Protecting Aon’s People, Property, and Information

American Red Cross

2013 Disaster Preparedness Summit

Capability Planning

Information Security • Client & Supplier Security • Corporate Security & Safety Programs • Risk & Compliance • Business Continuity Management • Information Governance • Global Emergency Operations Center

August 2013

Aon Corporation | Who We Are

Leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services

Security Risk Management

Proprietary & Confidential | August 2013 1

Aon Corporation | What We Do

Aon plc

Aon Risk Solutions
• Retail Brokerage
• Risk Assessment & Advisory
• Captive Management
• Affinity Programs
• Premium Finance
• Claims Advocacy & Administration
• Select Personal Lines
• Actuarial & Analytics
• Technology Solutions

Aon Benfield
• Treaty Reinsurance Brokerage
• Facultative Reinsurance Brokerage
• Capital Markets & Financial Advisory
• Analytics & Technical Services
• Claims Management
• Strategy, Claims, & Operations Consulting

Aon Hewitt
• Rewards & Compensation
• Engagement & Leadership
• Workforce Planning & Administration
• Defined Contribution & Defined Benefit
• Investments & Financial Planning
• Health & Benefits
• Population Health & Absence
• Health Care Exchanges

National Preparedness Goal | Five Mission Areas

Mission: Definition

• Prevention: Prevent, avoid or stop an imminent, threatened or actual act of terrorism.
• Protection: Protect our citizens, residents, visitors, and assets against the greatest threats and hazards in a manner that allows our interests, aspirations, and way of life to thrive.
• Mitigation: Reduce the loss of life and property by lessening the impact of future disasters.
• Response: Respond quickly to save lives, protect property and the environment, and meet basic human needs in the aftermath of a catastrophic incident.
• Recovery: Recover through a focus on the timely restoration, strengthening and revitalization of infrastructure, housing and a sustainable economy, as well as the health, social, cultural, historic and environmental fabric of communities affected by a catastrophic incident.

Core Capabilities Within Mission Areas

Prevention
• Planning
• Public Information and Warning
• Operational Coordination
• Forensics and Attribution
• Intelligence and Information Sharing
• Interdiction and Disruption
• Screening, Search, and Detection

Protection
• Planning
• Public Information and Warning
• Operational Coordination
• Access Control and Identity Verification
• Cyber security
• Intelligence and Information Sharing
• Interdiction and Disruption
• Physical Protective Measures
• Risk Management for Protection Programs and Activities
• Screening, Search and Detection
• Supply Chain Integrity and Security

Mitigation
• Planning
• Public Information and Warning
• Operational Coordination
• Community Resilience
• Long-Term Vulnerability Reduction
• Risk and Disaster Resilience Assessment
• Threats and Hazard Identification

Response
• Planning
• Public Information and Warning
• Operational Coordination
• Critical Transportation
• Environmental Response/Health and Safety
• Fatality Management Services
• Infrastructure Systems
• Mass Care Services
• Mass Search and Rescue Operations
• On-Scene Security and Protection
• Operational Communications
• Public and Private Services and Resources
• Public Health and Medical Services
• Situational Assessment

Recovery
• Planning
• Public Information and Warning
• Operational Coordination
• Economic Recovery
• Health and Social Services
• Housing
• Infrastructure Systems
• Natural and Cultural Resources

Pre-9/11 | Three Silos

• Private Sector
• Public Sector
• Family & Community

Breaking Down the Silos

• Recognition that collaboration between sectors might be beneficial
• Formation of Public / Private Partnerships
  – ChicagoFIRST (2003)
  – Regional Partnership Council (RFCfirst 2005)
  – Lake-Cook Regional Critical Incident Partnership (LCRCIP 2007)
• Formal and informal information sharing
  – Tabletop exercises across sectors
  – Think tank / working groups
• Result: Improved Collaboration
  – Pre- and post-incident
  – Information sharing protocols developed
  – Interdependency knowledge sharing


Post-9/11 Events

• Northeast Blackout (2003)
• Indian Ocean Earthquake and Tsunami (2004)
• London Bombing (2005)
• Hurricane Katrina (2005)
• Fires in California (2007)
• Mumbai Bombings | Taj Mahal Palace Hotel (2008)
• H1N1 (2009)
• Japan Earthquake (2011)
• NATO Summit in Chicago (2012)
• Summer Olympics in London (2012)
• Hurricane Sandy (2012)
• Flooding in Calgary (2013)


NATO Summit | Chicago 2012

• Pre-event Planning
  – Began six months prior to event
  – Attended information sharing sessions with Federal, State, Local and Private entities
    • Communication Plan
    • Road Closures / Transportation Limitations
    • Security Plan
    • General knowledge sharing of intended actions
  – Conducted risk assessment of office proximity to events
  – Reviewed business requirements & deliverables
  – Assessed impact on colleagues' ability to arrive/leave work
• Event
  – Communicate, communicate, communicate


Summer Olympics | London (2012)

• Planning began one year prior
• Coordination with public entities
  – What does life look like?
  – What are the restrictions/limitations on transportation?
  – Who is communicating what and when?
• Industry-specific collaboration
  – What are other insurers doing to prepare and respond?
  – How will we interact during the event?
• Internal Coordination
  – Steering Committee (Human Resources, Information Technology, Security Risk Management, Facilities, etc.)
  – Scenario planning with Business Units
  – Communication plan


Benefits

• Relationships formed
• Improved understanding of challenges faced by all entities
• Trust built
• Improved information sharing / communication protocols
  – Where do you get it?
  – Who is going to give it to you and when?
  – What are you going to do with it?
• Improved coordination


Partnerships in action…


Contact Information

Theresa Enright

Aon plc

200 E. Randolph St.

Chicago, IL 60601

[email protected]

(312) 381-2463
