|
Security
Process
Mainstay’s Security Infrastructure is broken down into the following Components
-
Confidentiality
(Advisor Level)
-
Monitoring Process (Advisor and Infrastructure)
-
Audit and Control Process
-
Data Privacy (Customer)
-
Information
Security Process and Standards
<Click here to download a PDF version of our Security Process>
Confidentiality (Advisor Level)
NDA – Client Level and Service Level
Information Access Control
Security Configuration Management
Security Management Process
Media Controls (no floppy drives or CD-Writers in any of the machines)
No Public Network (Controlled Internet Access)
Monitoring Process (Advisor and Infrastructure)
Defined Process
Documented processes for changing data once created and for the prevention of unauthorized manipulation of data, and audit trails should log unauthorized access and changes.
Documented storage processes and mechanisms; parameters defining when data should be destroyed or archived should be documented; and data disposal procedures, including hardware disposal, should be documented.
Audit and Control Process
Audit Trail
Version Control
Extensive Logging Mechanism
Authorization (Login ID’s and Password)
Authentication (Secure ID)
Data Privacy (Customer)
Centralized Data Storage
IP Level Security
Desktop Level Security controlled by a Domain
Authentication (Login ID’s and Password)
Authorization
Logging (Can be enabled to monitor Keystrokes)
Additional AES 256 bit Encryption with PKI (if required) File and Database
Information Security Process and Standards
Chain-of-Trust Agreements
Contingency Planning
Records Processing
Information Access Control
Internal Audit
Personnel Security
Security Configuration Management
Security Incident Procedures
Security Management Process
Termination Procedures
Training (under several regulations)
Media Controls
Physical Access Controls
Access, Audit, Authorization, and Authentication Controls
Communications and Network Controls
Electronic/Digital Signature
|
