As technology continues to evolve, it brings tremendous benefit yet significant risk, particularly for those in financial services. Balancing business goals with a sound compliance program can be tricky. That’s where Fairview comes in. Our team of regulatory and cybersecurity experts works with firms to create sustainable, well-documented cybersecurity programs that enable CCOs and investment advisers to utilize new technology, while mitigating risk and maintaining thorough, sound compliance programs.
Our Services:
Risk Detection and Mitigation
- Vendor due diligence (including detailed report with findings and recommendations)
Comprehensive Testing
- Evaluate material requirements included in cyber and data security policies.
- Cyber and data security employee training
- Incident response and disaster recovery exercises
- Custom phishing training
- Employee training on AI, including approved and prohibited uses
Penetration Tests and Vulnerability Scans
- Penetration tests
- Vulnerability assessments
- Internal & external scans
- Dark web scanning
- Domain name system (DNS) records scanning
Policy Development
- Assessment of current policies
- Development of new policies and procedures to address regulatory requirements and industry best practices (including those related to AI)
Mock SEC Cyber Exams
- Request list based on SEC Cyber Exams
- Mock interviews with employees
- Review of documentation in response to request list
- Summary of findings, including recommendations to enhance program
Audit Office 365 Environment
- Complete security audit, including comprehensive review of Conditional Access, Identity, SharePoint, Exchange, and Data Loss Prevention
- Tailored recommendations based on unique business needs
Cloud Incident Response & Forensic Testing
- Comprehensive forensic analysis to identify breach details, access points, and compromised data and client information
- Summary of findings and recommendations for enhancements
Full Support for Amended Regulation S-P:
Vendor Management Program
- Vendor due diligence on all required service providers.
- Assist with confirming that service providers will provide notice of an incident within 72 hours, based on the items provided and reviewed.
- Detailed analysis and documentation of all findings, including potential security gaps.
- Light passive external scan of all vendors’ public domains.
- Assistance with reviewing current Vendor Management Policy and/or drafting a Vendor Management Policy to align with Amended Regulation S-P.
Incident Response Program
- Review and/or draft an Incident Response Plan that addresses identification, containment, eradication, and notification of breaches.
Customer Notification Requirement
- Provide a “Notice Determination Checklist” and “Notice Template” that can be used in the event customer notification is needed.
Recordkeeping and Expansion of Safeguards and Disposal (including written records)
- In coordination with our compliance team, draft policies and procedures to meet both of these requirements.