|We voluntarily adopt the same Information Security standards as our customers. We designed our information security and cybersecurity controls based on FFIEC IT Booklets and various industry guidelines. |
Our IT and Information Security personnel, besides supporting our internal needs, also work as auditors, pen testers, and consultants for our clients. This allows us to keep up with the latest industry trends in data security and the deployment of technology, to apply to our own environment.
|We use industry standard data-at-rest and data-in-motion encryptions on all storage devices, whether it is our cloud based storage or physical devices (e.g. laptops). |
We use Box Enterprise as a primary means to exchange documents securely with our clients. In addition to performing ongoing monitoring on Box per FFIEC guidance, we have also hardened the platform and created various processes to protect our client’s data. We have an infographic outlining these controls that we can share with our clients.
|An in-house security team pen tests our environment annually, using the same industry and regulatory standards that we use with our clients. The Pen Test report is available for our clients to review as part of their ongoing monitoring process.|
In addition, both the IT and information security members use various risk assessment tools and methodologies to constantly assess and evaluate our controls at least annually. This helps our organization to continuously improve our security posture.