Data Security Attestation
Regulatory Compliance, LLC maintains certain personal customer information in its electronic files to facilitate the processing of registration requests, the creation or review of financial statements and the payment of invoices for services. This information is stored on a shared drive on our company’s server that is protected from unauthorized access. Regulatory Compliance attests that all personal information and customer information stored on our systems is protected as follows:
- Access to the shared drive is restricted to active employees and pre-authorized individuals on a “need to know” basis within Regulatory Compliance through password-protected login to company computers.
- The company’s server is protected from external access through a firewall.
- Access to the server is monitored and automatic notifications to management and the company’s IT consultant will be made should a breach occur.
- Access is blocked after multiple unsuccessful attempts to log in and is logged by our computer system.
- Encryption technology will be employed for data transmissions across public networks and wireless transmissions. Remote access uses 256-bit encryption.
- Personal information will not be stored on laptop computers or other portable devices as a general rule and, if so stored, all such data will be appropriately encrypted.
- System security software is maintained using the most recent versions supplied by the vendor.
- Employees are trained on the need to protect personal information and the consequences should they breach any personal data restriction.
- The company will adopt written policies and procedures, reasonably designed in light of the firm’s size, business and amount of data stored.
Regulatory Compliance further attests that should a breach occur, management and their IT consultant will immediately take action to secure information, mitigate the breach and notify any customers whose personal information could have been compromised.
Stephen J. Sussman, President
Regulatory Compliance, LLC