Fintelligent’s Data Security Policy consists of three elements:
1) Ensuring adequate data security at third party applications we use
2) Developing internal processes and training to keep our internal data secure
3) Insuring Fintelligent against reasonable data security risks
Use of Third Party Application Providers
We review the data security policies of all our third party application providers. We expect them to have in place security measures that protect physical and network security, application security, system security and data level security. We use reasonable means to determine whether these controls exist or not. In some cases all of these controls may not be present. Fintelligent may choose to engage with a third party without all the controls specified below if they have demonstrated to us that reasonable security protections exist.
Physical and Network Security
This is security related to data centers that host third party applications we use. We expect our providers to have 24/7/365 monitoring, full data recovery in the event of a disaster, multiple fiber trunks and mirrored RAID storage, standby servers and redundant network computers / redundant uninterruptible power supplies.
These are security features built into the applications we use. Features we screen for include granular level of control over user access, optional two-step verification and automatic session timeouts.
This is the prevention of unauthorized programs, systems and users from gaining access to or control over our data. We expect to see SSAE 16 SOC1 Type II audits, PCI DS Level 1 certification, tightly restricted access to production data, hardened networks and firewalls and activity log tracking.
Data Level Security
This is the database that stores the data used by the third party application. Security features we evaluate include full daily backups to multiple locations and continuous backups of transaction data.
Employee Training & Internal Processes
Fintelligent provides each employee training in secure methods of accessing and storing data. All computers and applications are password-protected. Various security best practices are provided to Fintelligent employees as part of their regular training.
Fintelligent maintains privacy and network security insurance to protect the firm and its clients in the event of a data breach.