Heritage Investors’ Business Continuity Disaster Recovery Plan
Investment advisers owe a fiduciary duty to their clients to have disaster recovery plans in place in the event of a natural disaster, accident, death, or other event that would disrupt the normal business flow of the adviser and the services it provides to its clients.
A disaster recovery plan must detail the steps that an adviser and each of its Associated Persons will take in the event of a disaster. This plan, including all contact information for clients, Associated Persons, regulators, custodians, and service providers, should be updated regularly and each revision should be communicated to Associated Persons as applicable.
Policies and Procedures
Heritage Investors’ Disaster Recovery Plan is an essential part of its operations. All Associated Persons are responsible for understanding their role in the event of a disaster or major disruption. The CCO (“Primary Disaster Recovery Coordinator”) has the overall responsibility for the firm’s response to a major disruption, is responsible for ensuring that Heritage Investors’ Disaster Recovery Plan is tested annually and is updated when regulatory or operational changes occur. The Primary Disaster Recovery Coordinator may designate one or more persons to assist with their duties.
A disaster is any event that renders Heritage Investors unable to provide its usual level of service without immediate recovery (a “major disruption”). The physical location of Heritage Investors may or may not be affected.
If the major disruption does not affect the physical location of the business, meaning the business can continue to operate from that location, the Primary Disaster Recovery Coordinator, or designee, will determine the steps necessary to resolve the disruption. If the disruption is systems related, this may include contacting Heritage Investors’ offsite data storage provider, CarbonitePro, to determine next steps and expected length of time for resolution. Heritage Investors’ Email Retention provider, RedTail, may also be contacted. In the event the disruption does not prevent Associated Persons from working remotely, Associated Persons may be required to use these systems and/or to travel to the designated off-site location as named below as deemed necessary. The below list is not exhaustive. Specifically, if the location listed below is not available, Associated Persons may be asked to work remotely from alternate locations.
If the major disruption affects the physical location of the business and Associated Persons either cannot get into the building or must evacuate the building, the Primary Disaster Recovery Coordinator will determine the steps necessary to resolve the service disruption. This may include contacting Heritage Investors’ offsite data storage provider and email retention provider. The Primary Disaster Recovery Coordinator and/or designee will notify all critical Associated Persons of next steps and provide direction to each Associated Person as to whether or not they will be required to report to the designated offsite location. The designated office location to conduct business on behalf of Heritage Investors is located via virtual office.
In the event of an office building evacuation, all Associated Persons should immediately leave the building. Go immediately to our designated meeting location, so that the Disaster Recovery Coordinator(s) may confirm everyone is safe and accounted for. If a building evacuation occurs and an Associated Person is on the phone, the Associated Person should inform the caller that the building is under mandatory evacuation, you’ll have to reschedule the call for another time, and immediately terminate the call.
Because every building and situation has unique characteristics and circumstances, below are some general guidelines to follow for building evacuation:
- Do NOT use the elevators.
- Make yourself aware of the closest exit, and go to it.
- Instruct others in your area to also leave the building.
- Sound any alarms, e.g. fire alarms, if needed.
- Proceed to the designated meeting location.
Main Office Number
Main office number: 865-890-1155. Clients may be contacted directly, via phone or email, if necessary and possible.
Notification of Proper Authorities
After an emergency has been declared, the Primary Disaster Recovery Coordinator, or designee, will notify the proper regulatory authorities of the nature of the emergency, and the temporary location of the firm, and notify the local public utilities, the telephone company, the post office and any other vendor as deemed necessary.
In the event Heritage Investors’ primary telephone line is disrupted, phone and fax lines will be forwarded via VOIP to the extent available.
Temporary Operation Location/Recovery Site
If the primary office is inaccessible, Heritage Investors will temporarily relocate to a location determined by the CCO.
Client data is easily accessible at any remote location with Internet access. Client data, including e-mail correspondence and pertinent books and records, is backed up and archived Daily. The archive is maintained away from Heritage Investors’ primary business location to allow for retrieval of client records where the primary office location is not accessible.
Heritage Investors will maintain a list of all equipment, hardware, and software used by Heritage Investors. The list shall provide identifying information for the item, including the serial number, the manufacturers and serial/registration number as applicable. The CCO will notify Heritage Investors’ insurance company of any damage.
If Heritage Investors’ computer system is deemed unusable for any reason, Heritage Investors will procure another computer at that time. Time constraints for the purchase, delivery, and installation of a computer will depend on a number of outside factors such as the retailer, delivery services, and the consultant hired to install the computer, but it is expected that Heritage Investors will only be without a computer for a maximum of two business days. Once the new computer is installed, the last backup will be restored to the new system.
If Heritage Investors is unable to receive mail at its business office, Heritage Investors will either forward mail to an alternate location or submitting a mail hold request to the post office.
Client Information and Client Trading Records
Original client agreements, contracts, profiles, and other documentation related to each client as well as trading records, brokerage statements and confirmations are maintained at the principal place of business for the appropriate time that is required by law.
Copies of pertinent client information shall be kept at a secure off-site location. If it is not practical to keep paper copies, electronic facsimiles may be kept in a format that is easily retrievable, i.e., pdf, tif, gif, with a vetted cloud provider, etc., and in a timely manner. Periodically, the CCO will review these disaster recovery plans pertaining to client’s records to assure that these records will be adequately maintained in the event of a disaster or emergency.
Copies of certain client records are also maintained by the custodian(s) holding the client’s assets. Heritage Investors can access client records from the custodian as needed. If a client needed immediate access to their account, and for any reason could not contact Company, the client could contact his or her custodian(s) directly.
If a disaster occurs that requires client contact, every effort will be made by Heritage Investors to contact all clients. This may be done by phone calls, emails, general mailing, posting a message on Heritage Investors website, or by other means. A list of all clients is maintained in Heritage Investors’ account management system and can also be received by contacting the relevant account custodian.
Heritage Investors’ financial information is stored in a cloud-based file that is included in the backup procedures discussed above.
Updates and Annual Review
Heritage Investors will update this plan whenever there is a material change to Heritage Investors’ operations, structure, business or location or to those of our custodian (or any other critical service providers). In addition, Heritage Investors will test the plan, at least annually, and update the plan as needed, to ensure the plan remains consistent with Heritage Investors’ policy and overall business operations.
Contacting Access Persons
Should Associated Persons not be at work when the major disruption occurs, Associated Persons will need to be contacted. Heritage Investors maintains a list of its associated persons and contact information as part of human resources records.
The Disaster Recovery Coordinator is responsible for retaining an accessible copy of the most current Associated Persons list as maintained by human resources at a location other than Heritage Investors’ primary business office.
A list of principal service providers is provided below. The Disaster Recovery Coordinator is responsible for retaining a physical copy of the most current version of the following chart at a location other than the Company’s primary business office.
Key vendors identified:
Product/Service: Telephone, Internet Service Provider
Vendor Name: TDS
Phone No.: (865) 966-4700
Product/Service: Client Custodian
Vendor Name: TD Ameritrade
Contact Person: Robert Younger
Phone No.: 866-222-1014
Vendor Name: NCS
Contact Person: Andrea Penn
Phone No.: 561-570-1822
Vendor Name: Hitson, Crum & Blazer Insurance, Inc.
Contact Person: Mathew Bryan
Phone No.: 865-983-8114
Vendor Name: MCB
Contact Person: Brice Chapman
Phone No.: 865-694-5741
Vendor Name: Long Ragsdale, Waters
Contact Person: Lee Popkin
Phone No.: 865-584-4040