Ethics and Accountability
The Hartford emphasizes accountability and reinforces the obligation of ethical behavior among all employees – whether working in the office or remotely. Our recent company-wide survey of our ethical culture showed 96% of employees believe The Hartford is committed to ethical business decisions and conduct. Our Code of Ethics and Business Conduct guides employees to choose a course of action consistent with The Hartford’s core values in all operations and business services.
We also encourage all employees and business partners to report suspected code violations through dedicated internal representatives, The Hartford’s Ombudsman or Fraud Hotline, or anonymously through our independent, third-party service EthicsPoint.
Our Anti-Corruption program prohibits anyone doing business on behalf of The Hartford from engaging in government bribery, commercial bribery or facilitation payments and provides information on how to report bad behavior. Given our expanded global presence, The Hartford has enhanced its Anti-Corruption program, including revising the policy and risk assessment framework, designing a monitoring and auditing framework and developing new training content.
Membership in our Employee Resource Groups has nearly doubled in five years, with 50% of our employees participating in 105 local ERG chapters in offices nationwide.
Vendor Code of Ethics
The Hartford diligently reviews sustainability practices in the selection and ongoing evaluation of our suppliers to ensure compliance with all applicable laws and regulations. Our Vendor Code of Ethics and Business Conduct
outlines the ethical behavior and responsible business practices we expect our suppliers to uphold.
Data privacy and security has taken on new importance at every level, from agencies responsible for regulating data protection to the people sharing that data. The Hartford’s cybersecurity strategy aligns to the National Institute of Standards and Technology (NIST) Cyber Security Framework. Cybersecurity updates are provided regularly to the board and senior executives, and we have comprehensive data security policies and systems that are assessed and tested at least annually by an independent external third-party auditing company.
Our business continuity strategy is consistent with industry best practices, providing the needed assurance that we are prepared for – and can recover from – emergencies, disasters and pandemics. We do this by maintaining multiple data centers in geographically dispersed locations and investing in redundant equipment to support the recovery of critical infrastructure and applications by reducing single points of dependency. We perform comprehensive testing to validate resiliency capabilities for relevance and effectiveness, including Business Resumption Plans and Application Disaster Recovery Plans, according to established frameworks. Emergency Response Plans for each office are required to be exercised at least annually.