Trust Company Security Audit Prep
Do you manage a trust company that is subject to statewide regulatory trust agency rules? If so, there is a good chance your data security and vendor management programs will be audited in the coming months or years. Fairview Cyber can help you enhance your data security program so that you are prepared for your next state regulatory audit.
Despite the actively changing requirements and expectations for trust company cybersecurity programs, you can still be proactive in getting your security infrastructure up to speed. Fairview Cyber knows the security requirements, understands the risks, and can help your business get on track before regulators initiate an exam. By locking down sensitive data, training employees to keep it safe, creating a strong vendor management program, and fully documenting your data security initiatives, you can be confident that you are meeting regulator expectations and protecting client data from compromise.
Fairview Cyber can help boost your data security and vendor management programs by providing a comprehensive, full-service solution or à la carte options to bolster your existing security infrastructure. Take a look at our services below or reach out to us to begin the process of maximizing your trust company’s data security.
CYBER AND DATA SECURITY TESTING
We will test the effectiveness of your firm’s data security and provide documentation to help you close the gaps.
- Review quarterly reports produced by your firm’s managed service provider
- Lead and document annual disaster recovery and incident response plan tabletop exercises
- Prepare documented reviews, as required by your firm’s policies and procedures
- Prepare an annual report of testing conducted throughout the year
VENDOR MANAGEMENT SOLUTIONS
Stay up-to-date on how other businesses are handling your and your clients’ information.
- Support establishment of a new management program and provide long-term implementation services, or
- Assist in maintaining the client’s existing vendor management program
- Maintain an approved vendor list on behalf of the client
- Perform remote vendor due diligence reviews to evaluate operational and data security risks
- Provide a well-documented summary of review results
- Lead and maintain minutes for the firm’s annual vendor due diligence review
- Complete onsite vendor due diligence reviews (optional)
Train and test employees on how to avoid threats to your network.
- Deploy mock phishing campaigns to employees
- Coordinate ongoing employee training, including reports of results on regular cyber calls
- Establish and implement a training program for employees who click on simulated phishing emails
EXTERNAL SCAN OF IPS (PENETRATION TEST)
Evaluate whether your data is truly safe with outside networks.
- Conduct or coordinate an external network scan
- Provide a detailed outline of review parameters
- Provide the steps necessary to remediate any vulnerabilities identified in the scan
- Record and document findings of assessments and action taken to resolve vulnerabilities