
Security of Financial Advisory CRM Systems and the basics…


While standards and certifications may change, we took the liberty of compiling the latest security information on several of the CRMs within the financial RIA industry. As always, please also do your own due diligence when researching the security of systems as it is a moving target.


TRUSTe ISO 27001 ISO 27002 SAS 70 SSAE 16 256-bit Encryption TIA 942
EBIX Smart Office Yes Yes
Grendel Yes
Junxure Cloud Yes Yes Yes
Redtail Yes Yes
Salesforce Yes Yes Yes
Wealthbox Yes


ISO 27001 Standards: The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered as standard policies and procedures; these include all legal, physical and technical controls involved in an organization’s information risk management processes. Some organizations choose to implement the standard in order to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.

ISO 27002 Standards: A comprehensive set of information security control objectives and a set of generally accepted good practice security controls. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.

SOC 1, 2, and 3: Reports issued in accordance with the SSAE 16 standard.

SAS 70: Up until 2011, an independent audit ensuring that the management of datacenters provides appropriate security and procedures. It does mean that physical access to the server environment is strictly controlled.

SSAE 16: Replaces SAS 70 as of 2011. An independent audit ensuring that the management of datacenters provides appropriate security and procedures. It does mean that physical access to the server environment is strictly controlled.

Telecommunications Industry Association TIA-942: an American National Standard (ANS) that specifies the minimum requirements for the telecommunications infrastructure of data centers and computer rooms, including single-tenant enterprise data centers and multi-tenant Internet hosting data centers. The topology proposed in the standard was intended to be applicable to a data center of any size. Some organizations choose to implement the standard in order to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.

TRUSTe: an internet privacy services provider whose mission is to build users’ trust and confidence on the Internet and, in doing so, accelerate growth of the Internet industry. TRUSTe’s professional services include site reputation management, trust seals, privacy policy generation, vendor evaluation, and consumer privacy dispute resolution. TRUSTe offers specific certifications, which provide businesses with management and execution of internal procedures to ensure security. Without seeing what is really being done, it assists in preparing to self-certify under Safe Harbor (e.g. developing a privacy policy based on the Safe Harbor Privacy Principles), provides a letter of verification and third-party dispute resolution services, and a business could choose to be certified and then use the distinctive seal on its website.

256-bit encryption: refers to the length of the encryption key used to encrypt a data stream or file. A hacker or cracker would need to try up to 2^256 different key combinations to break a 256-bit encrypted message. Typically, 256-bit encryption is used for data in transit, that is, data traveling over a network or Internet connection. The U.S. government requires that all sensitive and important data be encrypted using 192- or 256-bit encryption methods.

We hope this helps guide you on your security research.

If you seek help, don’t hesitate to click HERE to schedule a one-time Boost Call or HERE to inquire into our lean, business operations strategy services and massive list of vetted providers.

Authored by Jen Goldman, COO’s Business Ops Yoda
Guest contributor, Wes Stillman, of RightSize Solutions

