SlideShare a Scribd company logo

Mn bfdsprivacy

wardell henley
wardell henley

Information Security Program Overview

Technology
1 of 2
Download to read offline
Information Security Program Overview Purpose This document describes Boston Financial Data Services’ Information Security Program, Infrastructure Policies and Information Security Requirements. We are committed to ensuring the safety of our customer’s data from unauthorized use, access, disclosure, theft, manipulation, reproduction or possible security breach, during the tenure of our relationship. Our Information Security Program employs a layered security approach, forming a defense in depth strategy to mitigate known or potential security risks. Major components of the program include Risk Assessment, Security Assessment, Security Awareness, Security Policies and Standards, Risk Mitigation and Reporting. A dedicated Information Security team, led by the Information Security Officer was established in 2005, and is responsible for the management of the program. to ensure the prevention of unauthorized access to the environment supporting the services provided to our customers. We implement commercially accepted technologies and apply appropriate methods of security to ensure that the integrity and privacy of our customer’s data is protected. Our security program is reviewed annually and adheres to industry standards and best practices that addresses the critical requirements of safeguarding information based on:  International Organization for Standardization 27002 (ISO/IEC 17799:2005)  COBIT Framework and Control Objectives  BITS Financial Services Roundtable Shared Assessment Program  Legal Compliance Requirements including but not limited to:  California’s Security Breach Notification Act  Massachusetts Privacy Act  Gramm-Leach Bliley Act (“GLB 501b – Standards for Safeguarding Customer Information”) and implementing legislation and regulations  Sarbanes Oxley Act (“SOX-404”)  FTC Information Security Requirements for Safeguarding Customer Information  Other state and federal laws and regulations relating to safeguarding information Key Points:  Management Commitment  Review and Evaluation  Industry and Regulatory Standards  Defense in depth via a layered approach Scope The scope of the Information Security Program and Requirements at Boston Financial encompasses Information Security Administration, Security Technology Infrastructure and Security Policy Management. Consistent monitoring to detect changes in the threat landscape, allow us to be more proactive with changes to our production environment, and
gives us the ability to act in a reasonable manner to address potential exposure to known or reported risks targeting our information systems.  Information Security Administration includes:  Education and Awareness  Security Incident Response  Audit and Reporting  Information Security Policies includes:  Security Management  Risk Management  Personnel Security  Physical Security  Operations Management  Security Monitoring and Response  Communications Management  Access Control  Network Security  Third Party Services  Application Development  Recovery and Business Continuity  Legal, Compliance and Regulatory  Information Security Technology Infrastructure includes:  Access Controls  Encryption of information in transit through non-dedicated circuits only  Host Security  Data Security  Data Retention Boston Financial recognizes the need for customer assurance and validation that all private and sensitive data are being protected. As a result, all security policies must be reviewed and updated as necessary in accordance to regulatory changes and best practices outlined in ISO/IEC 27002 (17799:2005). Security policies are confidential and will not be disseminated to any third-party. Customers can validate the safety of their data and security principles employed at Boston Financial in one of the following ways:  Clients may review our Information Security policies on premise with Information Security Officer  Boston Financial will answer follow up questions that remain after client review of the Standard Information Gathering (SIG) document  Clients can request copy of SSAE16 audit report  Clients can request an executive summary of independent third-party Network and Application security assessment findings. The report is confidential and will not be shared with clients If you have any questions or require any further information please contact your relationship manager or the Information Security Officer at Boston Financial.

Recommended

Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Kimberly Simon MBA
 
HealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTHealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTKimberly Simon MBA
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringKimberly Simon MBA
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)Kimberly Simon MBA
 
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...Rea & Associates
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
What Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessWhat Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessData Foundry
 
Is Security Team 2 Glba
Is Security Team 2 GlbaIs Security Team 2 Glba
Is Security Team 2 Glbaguestfd062
 

Recommended

Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Kimberly Simon MBA
 
HealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTHealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTKimberly Simon MBA
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringKimberly Simon MBA
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)Kimberly Simon MBA
 
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...Rea & Associates
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
What Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessWhat Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessData Foundry
 
Is Security Team 2 Glba
Is Security Team 2 GlbaIs Security Team 2 Glba
Is Security Team 2 Glbaguestfd062
 
An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsDoubleHorn
 
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA Hernan Huwyler, MBA CPA
 
IRBsearch | GLBA data
IRBsearch | GLBA dataIRBsearch | GLBA data
IRBsearch | GLBA dataIRBsearch, LLC
 
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingProtect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingTraceSecurity
 
GDPR Quick Reference for American Accountants (CPA Seminar)
GDPR Quick Reference for American Accountants (CPA Seminar)GDPR Quick Reference for American Accountants (CPA Seminar)
GDPR Quick Reference for American Accountants (CPA Seminar)Cody Bess
 
Preparing for GDPR Compliance...
Preparing for GDPR Compliance...Preparing for GDPR Compliance...
Preparing for GDPR Compliance...James Ward
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsPrecisely
 
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPABoards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPAHernan Huwyler, MBA CPA
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systemsarnoldpeter01
 
It security iso 27001
It security iso 27001It security iso 27001
It security iso 27001Iris Maaß
 
Sensitive data
Sensitive dataSensitive data
Sensitive dataS.M. Towhidul Islam
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Alexander Davis
 
Qa Financials - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software DevelopmentQa Financials - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software DevelopmentHernan Huwyler, MBA CPA
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
 
Migration approachquestionnaire checklist
Migration approachquestionnaire checklistMigration approachquestionnaire checklist
Migration approachquestionnaire checklistNandeep Nagarkar
 
Datasheet: Security
Datasheet: SecurityDatasheet: Security
Datasheet: SecurityVoIPstudio
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRShadi A. Razak
 
Demystifying SOC 2 Certification: Enhancing Trust in Data Security
Demystifying SOC 2 Certification: Enhancing Trust in Data SecurityDemystifying SOC 2 Certification: Enhancing Trust in Data Security
Demystifying SOC 2 Certification: Enhancing Trust in Data SecurityShyamMishra72
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely
 

More Related Content

What's hot

An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsDoubleHorn
 
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA Hernan Huwyler, MBA CPA
 
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingProtect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingTraceSecurity
 
GDPR Quick Reference for American Accountants (CPA Seminar)
GDPR Quick Reference for American Accountants (CPA Seminar)GDPR Quick Reference for American Accountants (CPA Seminar)
GDPR Quick Reference for American Accountants (CPA Seminar)Cody Bess
 
Preparing for GDPR Compliance...
Preparing for GDPR Compliance...Preparing for GDPR Compliance...
Preparing for GDPR Compliance...James Ward
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsPrecisely
 
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPABoards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPAHernan Huwyler, MBA CPA
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systemsarnoldpeter01
 
It security iso 27001
It security iso 27001It security iso 27001
It security iso 27001Iris Maaß
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Alexander Davis
 
Qa Financials - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software DevelopmentQa Financials - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software DevelopmentHernan Huwyler, MBA CPA
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
 
Migration approachquestionnaire checklist
Migration approachquestionnaire checklistMigration approachquestionnaire checklist
Migration approachquestionnaire checklistNandeep Nagarkar
 
Datasheet: Security
Datasheet: SecurityDatasheet: Security
Datasheet: SecurityVoIPstudio
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRShadi A. Razak
 

What's hot (19)

An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance Requirements
 
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA
Privacy and Money Laundering Prof. Hernan Huwyler CPA MBA
 
IRBsearch | GLBA data
IRBsearch | GLBA dataIRBsearch | GLBA data
IRBsearch | GLBA data
 
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingProtect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
 
GDPR Quick Reference for American Accountants (CPA Seminar)
GDPR Quick Reference for American Accountants (CPA Seminar)GDPR Quick Reference for American Accountants (CPA Seminar)
GDPR Quick Reference for American Accountants (CPA Seminar)
 
Preparing for GDPR Compliance...
Preparing for GDPR Compliance...Preparing for GDPR Compliance...
Preparing for GDPR Compliance...
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
 
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPABoards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systems
 
It security iso 27001
It security iso 27001It security iso 27001
It security iso 27001
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64
 
Qa Financials - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software DevelopmentQa Financials - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software Development
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
 
Migration approachquestionnaire checklist
Migration approachquestionnaire checklistMigration approachquestionnaire checklist
Migration approachquestionnaire checklist
 
Datasheet: Security
Datasheet: SecurityDatasheet: Security
Datasheet: Security
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPR
 

Similar to Mn bfdsprivacy

Demystifying SOC 2 Certification: Enhancing Trust in Data Security
Demystifying SOC 2 Certification: Enhancing Trust in Data SecurityDemystifying SOC 2 Certification: Enhancing Trust in Data Security
Demystifying SOC 2 Certification: Enhancing Trust in Data SecurityShyamMishra72
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer PlatformShanmugavel Sankaran
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfmicroteklearning21
 
SOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core PrinciplesSOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core PrinciplesShyamMishra72
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdfroguelogics
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdfroguelogics
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & complianceVandana Verma
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)NCTechSymposium
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standardsautomatskicorporation
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information ProtectionPECB
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsSkoda Minotti
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Chandan Singh Ghodela
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 
CHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chapCHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chapEstelaJeffery653
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Navigating the SOC 2 Certification Maze: What You Need to Know
Navigating the SOC 2 Certification Maze: What You Need to KnowNavigating the SOC 2 Certification Maze: What You Need to Know
Navigating the SOC 2 Certification Maze: What You Need to KnowShyamMishra72
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.pptkarthikvcyber
 

Similar to Mn bfdsprivacy (20)

Demystifying SOC 2 Certification: Enhancing Trust in Data Security
Demystifying SOC 2 Certification: Enhancing Trust in Data SecurityDemystifying SOC 2 Certification: Enhancing Trust in Data Security
Demystifying SOC 2 Certification: Enhancing Trust in Data Security
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security Solution
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer Platform
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdf
 
SOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core PrinciplesSOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core Principles
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdf
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdf
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & compliance
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
CHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chapCHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chap
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Navigating the SOC 2 Certification Maze: What You Need to Know
Navigating the SOC 2 Certification Maze: What You Need to KnowNavigating the SOC 2 Certification Maze: What You Need to Know
Navigating the SOC 2 Certification Maze: What You Need to Know
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.ppt
 

More from wardell henley

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfwardell henley
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfwardell henley
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfwardell henley
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdfwardell henley
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmpwardell henley
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paperwardell henley
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmenwardell henley
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securitywardell henley
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01wardell henley
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardswardell henley
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguidewardell henley
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Managementwardell henley
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaperwardell henley
 

More from wardell henley (20)

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdf
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdf
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdf
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdf
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdf
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdf
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp
 
It security cert_508
It security cert_508It security cert_508
It security cert_508
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paper
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_training
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen
 
Soa security2
Soa security2Soa security2
Soa security2
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20security
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguide
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Management
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper
 

Recently uploaded

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Mn bfdsprivacy

  • 1. Information Security Program Overview Purpose This document describes Boston Financial Data Services’ Information Security Program, Infrastructure Policies and Information Security Requirements. We are committed to ensuring the safety of our customer’s data from unauthorized use, access, disclosure, theft, manipulation, reproduction or possible security breach, during the tenure of our relationship. Our Information Security Program employs a layered security approach, forming a defense in depth strategy to mitigate known or potential security risks. Major components of the program include Risk Assessment, Security Assessment, Security Awareness, Security Policies and Standards, Risk Mitigation and Reporting. A dedicated Information Security team, led by the Information Security Officer was established in 2005, and is responsible for the management of the program. to ensure the prevention of unauthorized access to the environment supporting the services provided to our customers. We implement commercially accepted technologies and apply appropriate methods of security to ensure that the integrity and privacy of our customer’s data is protected. Our security program is reviewed annually and adheres to industry standards and best practices that addresses the critical requirements of safeguarding information based on:  International Organization for Standardization 27002 (ISO/IEC 17799:2005)  COBIT Framework and Control Objectives  BITS Financial Services Roundtable Shared Assessment Program  Legal Compliance Requirements including but not limited to:  California’s Security Breach Notification Act  Massachusetts Privacy Act  Gramm-Leach Bliley Act (“GLB 501b – Standards for Safeguarding Customer Information”) and implementing legislation and regulations  Sarbanes Oxley Act (“SOX-404”)  FTC Information Security Requirements for Safeguarding Customer Information  Other state and federal laws and regulations relating to safeguarding information Key Points:  Management Commitment  Review and Evaluation  Industry and Regulatory Standards  Defense in depth via a layered approach Scope The scope of the Information Security Program and Requirements at Boston Financial encompasses Information Security Administration, Security Technology Infrastructure and Security Policy Management. Consistent monitoring to detect changes in the threat landscape, allow us to be more proactive with changes to our production environment, and
  • 2. gives us the ability to act in a reasonable manner to address potential exposure to known or reported risks targeting our information systems.  Information Security Administration includes:  Education and Awareness  Security Incident Response  Audit and Reporting  Information Security Policies includes:  Security Management  Risk Management  Personnel Security  Physical Security  Operations Management  Security Monitoring and Response  Communications Management  Access Control  Network Security  Third Party Services  Application Development  Recovery and Business Continuity  Legal, Compliance and Regulatory  Information Security Technology Infrastructure includes:  Access Controls  Encryption of information in transit through non-dedicated circuits only  Host Security  Data Security  Data Retention Boston Financial recognizes the need for customer assurance and validation that all private and sensitive data are being protected. As a result, all security policies must be reviewed and updated as necessary in accordance to regulatory changes and best practices outlined in ISO/IEC 27002 (17799:2005). Security policies are confidential and will not be disseminated to any third-party. Customers can validate the safety of their data and security principles employed at Boston Financial in one of the following ways:  Clients may review our Information Security policies on premise with Information Security Officer  Boston Financial will answer follow up questions that remain after client review of the Standard Information Gathering (SIG) document  Clients can request copy of SSAE16 audit report  Clients can request an executive summary of independent third-party Network and Application security assessment findings. The report is confidential and will not be shared with clients If you have any questions or require any further information please contact your relationship manager or the Information Security Officer at Boston Financial.