Trust Company Security Audit Prep 2021-02-18T17:06:59-05:00

Trust Company Security Audit Prep

Do you manage a trust company that is subject to statewide regulatory trust agency rules? If so, there is a good chance your data security and vendor management programs will be audited in the coming months or years. Fairview Cyber can help you enhance your data security program so that you are prepared for your next state regulatory audit.

Despite the actively changing requirements and expectations for trust company cybersecurity programs, you can still be proactive in getting your security infrastructure up to speed. Fairview Cyber knows the security requirements, understands the risks, and can help your business get on track before regulators initiate an exam. By locking down sensitive data, training employees to keep it safe, creating a strong vendor management program, and fully documenting your data security initiatives, you can be confident that you are meeting regulator expectations and protecting client data from compromise.

Fairview Cyber can help boost your data security and vendor management programs by providing a comprehensive, full-service solution or a la carte options to bolster your existing security infrastructure. Take a look at our services below or reach out to us to begin the process of maximizing your trust company’s data security.

POLICIES AND PROCEDURES AND RISK ASSESSMENT

We will evaluate your cybersecurity program and make a plan to close the gaps.

  • Draft new, or revise existing, cyber and data security policies and procedures to address administrative, technical, and physical safeguards; focus areas include:
    • Risk assessment
    • Physical security
    • Hardware/software
    • Data
    • Network security
    • Service providers
    • And more
  • Draft or revise, and assist with maintaining, data security policies and procedures that align with regulatory expectations, including policies based on NIST or CIS standards
  • Prepare and maintain an Incident Response Plan
  • Conduct initial and annual cyber and data security risk assessments for client network

VENDOR MANAGEMENT SOLUTIONS

Stay up-to-date on how other businesses are handling your and your clients’ information.

  • Assist in maintaining a well-documented vendor management program
  • Maintain an approved vendor list
  • Perform remote vendor due diligence reviews, conducted annually
  • Complete onsite vendor due diligence reviews (optional)

DOCUMENTATION AND DELIVERABLES

We help you maintain a fully documented cybersecurity program.

  • Annual production of:
    • Detailed outline of review parameters
    • Reports of phishing and penetration test results
    • Analysis of vendor due diligence
    • Documentation of risk assessments
    • Recommended updates to policies and procedures
  • Assist with conducting incident response tabletop exercise scenarios
  • Log of cyber and data security training and testing
  • Records of risk assessments and findings

TRAINING

Test your network for vulnerabilities and train employees to keep it safe.

  • Coordination of ongoing employee phishing training
  • Coordination of annual cybersecurity training
  • Annual Regulation S-P training

EXTERNAL SCAN

  • Conduct or coordinate external network scan
  • Provide detailed outline of review parameters
  • Record and document findings of assessments

INTERNAL SCAN

  • Conduct or coordinate internal network scan
  • Provide detailed outline of review parameters
  • Record and document findings of assessments