Business Continuity Policy

We are committed to protecting our employees, clients, data, and reputation by having robust continuity measures in place.

The purpose of this policy is to ensure that RGA can maintain essential business operations during and after any disruption, including system failures, cyber incidents, natural disasters, or other emergencies.

Scope

This policy applies to:

  • All RGA employees, contractors, and consultants
  • All RGA business units, systems, and operations, including data platforms, analytics services, and project delivery

It covers all events that could disrupt normal operations and impact client service, employee safety, or business viability.

Policy Statement

RGA is committed to:

  • Maintaining the ability to deliver critical services in the event of disruption
  • Minimising the impact of incidents on clients, employees, and partners
  • Complying with all regulatory and contractual requirements related to business continuity

Responsibilities

  • Board / Senior Management: Approve the business continuity framework, allocate resources, and review continuity plans annually.
  • Business Continuity Lead / Manager: Develop, maintain, and test business continuity plans, coordinate response to incidents, and report on compliance.
  • Employees and Contractors: Understand relevant plans, participate in testing, and follow procedures during disruptions.

Business Continuity Planning

RGA maintains documented plans covering:

  • Identification of critical functions and processes
  • Roles and responsibilities during a disruption
  • Communication protocols internally and with clients
  • IT systems and data recovery procedures
  • Supplier and partner dependencies

Plans are reviewed at least annually and updated after tests, exercises, or real incidents.

Testing and Review

RGA conducts regular tests of its continuity plans to ensure:

  • Plans are effective and actionable
  • Employees understand their responsibilities
  • Lessons from tests or real incidents are incorporated

Reporting and Improvement

Any incident or disruption is logged, investigated, and reviewed. Continuous improvement actions are taken to strengthen resilience and prevent recurrence.

Compliance

Compliance with this policy is mandatory. Non-compliance may result in disciplinary action. This policy supports RGA’s obligations to clients, regulators, and employees.

signature

Approved By:   R Gauldie, Director

5th February 2026