Mn bfdsprivacy
0 likes45 views
Boston Financial's Information Security Program is committed to ensuring customer data is protected from unauthorized access through a layered security approach. The program employs risk assessment, security policies and standards, awareness training, and a dedicated security team led by a Chief Information Security Officer to prevent breaches and adhere to industry best practices and compliance standards. The scope of the program encompasses security administration, technology infrastructure, and policy management to consistently monitor threats and protect customer information.
Mn bfdsprivacy
- 1. Information Security Program Overview Purpose This document describes Boston Financial Data Services’ Information Security Program, Infrastructure Policies and Information Security Requirements. We are committed to ensuring the safety of our customer’s data from unauthorized use, access, disclosure, theft, manipulation, reproduction or possible security breach, during the tenure of our relationship. Our Information Security Program employs a layered security approach, forming a defense in depth strategy to mitigate known or potential security risks. Major components of the program include Risk Assessment, Security Assessment, Security Awareness, Security Policies and Standards, Risk Mitigation and Reporting. A dedicated Information Security team, led by the Information Security Officer was established in 2005, and is responsible for the management of the program. to ensure the prevention of unauthorized access to the environment supporting the services provided to our customers. We implement commercially accepted technologies and apply appropriate methods of security to ensure that the integrity and privacy of our customer’s data is protected. Our security program is reviewed annually and adheres to industry standards and best practices that addresses the critical requirements of safeguarding information based on: International Organization for Standardization 27002 (ISO/IEC 17799:2005) COBIT Framework and Control Objectives BITS Financial Services Roundtable Shared Assessment Program Legal Compliance Requirements including but not limited to: California’s Security Breach Notification Act Massachusetts Privacy Act Gramm-Leach Bliley Act (“GLB 501b – Standards for Safeguarding Customer Information”) and implementing legislation and regulations Sarbanes Oxley Act (“SOX-404”) FTC Information Security Requirements for Safeguarding Customer Information Other state and federal laws and regulations relating to safeguarding information Key Points: Management Commitment Review and Evaluation Industry and Regulatory Standards Defense in depth via a layered approach Scope The scope of the Information Security Program and Requirements at Boston Financial encompasses Information Security Administration, Security Technology Infrastructure and Security Policy Management. Consistent monitoring to detect changes in the threat landscape, allow us to be more proactive with changes to our production environment, and
- 2. gives us the ability to act in a reasonable manner to address potential exposure to known or reported risks targeting our information systems. Information Security Administration includes: Education and Awareness Security Incident Response Audit and Reporting Information Security Policies includes: Security Management Risk Management Personnel Security Physical Security Operations Management Security Monitoring and Response Communications Management Access Control Network Security Third Party Services Application Development Recovery and Business Continuity Legal, Compliance and Regulatory Information Security Technology Infrastructure includes: Access Controls Encryption of information in transit through non-dedicated circuits only Host Security Data Security Data Retention Boston Financial recognizes the need for customer assurance and validation that all private and sensitive data are being protected. As a result, all security policies must be reviewed and updated as necessary in accordance to regulatory changes and best practices outlined in ISO/IEC 27002 (17799:2005). Security policies are confidential and will not be disseminated to any third-party. Customers can validate the safety of their data and security principles employed at Boston Financial in one of the following ways: Clients may review our Information Security policies on premise with Information Security Officer Boston Financial will answer follow up questions that remain after client review of the Standard Information Gathering (SIG) document Clients can request copy of SSAE16 audit report Clients can request an executive summary of independent third-party Network and Application security assessment findings. The report is confidential and will not be shared with clients If you have any questions or require any further information please contact your relationship manager or the Information Security Officer at Boston Financial.