Had a wonderful time discussing what Registered Independent Advisors should be thinking about when it comes to protecting their data. Mapped out the following key points that were highlighted in his latest reporting spot:
- Don’t give out username/password to screen scraping applications for account aggregation and portfolio management systems.
- Interview vendors on how they protect their data – Target, anyone?
- Review the vendor’s SSAE 16 or SAS 70 Type report, which measures key IT resilience, backup, and recovery operations.
- Conduct a datacenter review of infrastructure to understand how systems and networks are deployed, managed, and maintained.
- Conduct an application architecture review to understand what technologies have been used to build their apps to get a picture of availability and scalability.
- Assess the richness of functionality they have to address the requirements in the advisor’s RFI.
- Analyze how well the apps integrate with other third-party systems and custodian platforms.
- Review any data from the vendor on uptime, availability, and response-time metrics.
- Analyze contracts for valid SLAs; if they are not met, the vendor reduces expenses.
- Hire a knowledgeable tech advisor to vet cloud computing services such as document storage, electronic signature, and email auditing.
- Start encrypting information that travels over the internet. Still amazed at how advisors still use email to conduct business.
- Understand what information is stored on mobile devices when using applications that power advisors.