Invessence Security Policy
We will use several layers of proven security technologies and processes to provide our clients with secure online access to their accounts and information. These are continuously evaluated and updated by our CTO to ensure that we protect our clients’ information. These include:
- Secure Sockets Layer (SSL) Encryption
- Computer Anti-Virus Protection
- Data Integrity
- Ensuring Your Online Safety
We will diligently work to maintain our online security to the highest possible standards. Controls that we will use across our online infrastructure include:
- Robust and multi-layered security of servers and applications.
- Multiple layers of internal and external firewalls.
- Regular reviews of our security practices and technology updates.
- Regular reviews to ensure our security and privacy policies and standards reflect our industry-leading position.
- Use of Secure Sockets Layer (SSL) 128-bit encryption to protect the information our clients send or receive from our secure sites.
- Use of encrypted password logons to Invessence secure websites to help safeguard against unauthorized access to client accounts.
- Automatic session terminations when extended inactivity is detected. This helps to protect client accounts if they are away from their computer for an extended period.
Managing Online Security
The costs of potential security breaches can be very high – from both a financial and reputational perspective. Below are the 5 major IT security risks and how we plan on addressing each one.
1. Software Patch Management - There can be security holes in various operating systems and software applications. The manufacturers of these systems regularly create “patches” to cover these holes, but users are not always diligent about updating their systems.
Invessence policy uses an effective patch management system that ensures that operating systems and other applications are regularly updated – including not only security patches but also firewalls and virus definitions.
2. System “Change” Management – Companies make frequent changes to IT systems without realizing that these modifications to complex code can have unintended security consequences, including exposing confidential customer information.
Invessence policy requires that any and all changes to computer systems must be authorized and tested prior to rollout.
3. Vendor Management – As a result of the security challenges outlined above, investment advisors are relying increasingly on outside vendors for processing, data storage, cloud computing and other IT functions.
Invessence policy dictates that we exercise due diligence when considering new vendors and monitor existing vendors for best security practices. Vendors should be asked to provide detailed information on their security programs, including the level of testing that has been done to verify their processes and controls and what mechanisms exist to identify unanticipated vulnerabilities. Investment advisers will ask their IT vendors for external audits and security certifications, and ask that they complete a Statement on Standards for Attestation Engagements [SSAE] No. 16, a widely recognized auditing standard measuring the internal controls at service providers.
4. Continuity Planning – Assuring the continuity of business operations is a major issue for investment advisers, given the time sensitivity of their work; even a day without being able to process trades through a broker would be devastating and expose the adviser to various liabilities.
Invessence policy includes plans and systems for responding to business interruptions. Our IT vendors have backup systems in place and have the capacity to completely and quickly restore files.
5. Education and Awareness – Most security breaches are the result of uneducated users. In fact, a recent report by Verizon finds that 97 percent of data breaches last year were avoidable. And avoiding those breaches begins with educating and training your employees, who very often have no appreciation for how their actions can expose companies to vulnerabilities.
Invessence will develop a strong information disclosure policy that establishes who is allowed to access what type of information and establishes procedures for doing so. Any IT security plan is only as good as the people who follow it. Our employees will be trained on IT procedures and policies, and our IT department will send out regular notices about how to avoid dangerous hacking schemes and regular information about IT best practices. Invessence will work to develop a security culture to make employees aware of security threats and vigilant in reporting potential problems.
Social Media Marketing
Social media can be a very effective tool for communicating with, marketing to and listening to clients and prospective clients, but its use potentially magnifies the risk of security breaches, especially if firms are allowing third parties to utilize their social media sites. Invessence complies with the National Examination Risk Alert issued by the SEC in January 2012 regarding the risks and controls that investment advisors should put in place to minimize security and other compliance risks.
We believe that working together is the best way to safeguard against financial fraud. We will invest in emerging and new technologies and maintain rigorous security procedures to ensure that clients can enjoy doing business with us in a safe and secure environment.
We will also proactively contact users to confirm that certain transactions going through their account are legitimate. They will verify the number to validate the call and call us back, using a publicly published number, before providing any information.