![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0232.png)
This report is intended for use by the management of the Variable Annuity Life Insurance Company ("VALIC") and its subsidiaries.
VALIC Retirement Services Company ("VRSCO") and VALIC Financial Advisors, Inc. ("VFA"), its user entities, and the independent
auditors of its user entities, and is not intended and should not be used by anyone other than these specified parties.
Back to TOCClick
VALIC
.com 46
Backup of Distributed Applications
At the Fort Worth data center a full volume backup is performed weekly, with a five-week retention cycle.
Daily full backup tapes for break-fix are written to virtual tapes and replicated in Fort Worth.
Distributed applications backups are monitored to ensure completeness of processing. Errors are monitored on
a daily basis by Data Protection Advisor (DPA) and failure alerts are logged to CA. The failed alerts are reviewed
and remediated by the GCC Open Systems Team. Any failures that are unable to be remediated with standard
troubleshooting or job restarts are then logged as a Service Now Incident. The resolution documentation for
each incident is logged within the Service Now ticket
(15.2)
.
Backup of SAP Data
Critical data is replicated to the Fort Worth facility on a daily basis. VALIC relies on CTO for the replication
process and for performing backups of all servers. SAP backups are monitored to ensure completeness of
processing. Errors are monitored, logged, resolved and documentation of the resolution is maintained
(15.2)
.
Physical Access
Fort Worth and Livingston Data Centers
AIG Safety and Security Department in Livingston and Ft. Worth provides 24x7x365 physical protection for
data center facilities. Data Center facilities are secured via closed fences surrounding the entire site with a
rolling gate present at the entrance and exits. There are security guards stationed at every entrance to the Data
Centers including the guardhouses, which are set up outside the entrance gate for the purpose of monitoring
and authorizing all individuals who enter the premises. Access Control System (ProWatch) is the security
system used for maintaining and tracking access card data. Monitoring alarms are attached to ProWatch and are
displayed at the control room on the first floor. Currently, there are designated monitoring points throughout the
complex, and security personnel must acknowledge critical alarms and follow provided instructions. ProWatch
consists of the following types of equipment: Card Readers, Door Alarms, Motion Sensors, Digital Video
Surveillance and PIN Readers.
Each data center facility has physical access controls, continuous monitoring, redundant connectivity, cooling,
power and a viable disaster recovery solution. Onsite generators with dedicated fuel tanks and UPS systems are
in place. TS is the primary service provider for technology hardware and hosting services.
Entrance to the data centers and to the raised floor areas which house the computing facilities is protected
by electronic access control (i.e., access badges and card readers) and monitored by security video. The data
centers are further protected by door alarms and PIN readers. Employees must use their access badges in order
to enter and exit the premises. Security personnel process all visitors prior to entering and upon leaving the
data centers. Card keys are required to access the computer rooms. Highly sensitive and secure rooms, such as
raised floor rooms and hardware rooms are also protected by PIN readers. Quarterly recertification of physical
access is only attached to secure and sensitive areas. Such as ATAC LAB, IT SECURITY LAB, HR OFFICE, AIGGS
Global Command Office, BuildingMGMT Office, Mail Rooms, Freight Loading Docks, Mechanical Infrastructure
Rooms, Raised Floor, Server Rooms, Data Center, Cable Rooms, Staging Rooms, Network Storage Rooms,
Telephone Data Area, Test Lab Rooms and Data Center Storage Areas
(16.3)
.
Personnel access to the data centers must be initially approved by a manager and CTOOperations prior
to granting access
(16.1)
. Access to the data centers is removed for terminated employees and contractors
(16.2)
. Access badges automatically expire after 90 days for consultants, one year for long-term consultants,
and five years for employees. Personnel with access to the data centers are reviewed on a quarterly basis for
appropriateness. Any identified corrections are forwarded to security for processing.
III. Description of the VALIC Defined Contribution Plan Administration System