Our Cyber Solutions directly align with the SEC’s proposed Cybersecurity Risk Management Rules and Outsourced Provider Rule, which would require advisers to adopt and implement written cybersecurity policies and procedures and produce an annual cyber report.
Our team of cybersecurity and regulatory experts assist firms in building SEC cyber policies and data security programs with documented testing reports to assess the firm’s protection of sensitive client and firm information. We work to thoroughly review and revise existing policies and procedures and create a custom testing program, with the goal of generating sustainable, well-documented cybersecurity programs reflective of industry best practices and regulatory expectations.
In addition to year-end vendor due diligence, our team provides complete testing services:
Annual production of:
- Documentation of annual risk assessment
- Recommendations on enhancements to cyber policies and procedures
- Log of cyber and data security training provided to staff
- Detailed outline of testing parameters and documentation of findings
- Assistance with testing material requirements established by cyber policies and procedures
- Reports of mock phishing simulations
- Documentation of external / internal network scans and resolved vulnerabilities
- Facilitation and documentation of incident response and disaster recovery / business continuity tabletop exercises
- Assistance in maintaining a well-documented vendor management program
- Maintain an approved vendor list
- Conduct and document annual vendor due diligence reviews:
- Summarize vendor due diligence findings
- Coordinate meeting to review a summary of the completed due diligence reviews
- Take meeting minutes to evidence oversight
Meet Our Cyber Solutions Team
Amber Allen
General Counsel and Executive Vice President; President, Fairview Cyber
