At Haverford, we take a multilayered approach to securing our digital assets, which may include your personal nonpublic information. Our Chief Information Officer and Chief Compliance Officer work in tandem to ensure that we have assessed our information security risks and mitigated them to the best of our abilities.
Our information security is governed by the following:
- We have defined Information security policies and standards that are reviewed on a regular basis.
- We perform risk assessments to determine information security risks and update our policies and standards whenever anything changes or at a minimum annually.
- Access to sensitive information is only given to employees that need it to perform their job and all employees are trained in security and privacy procedures.
- We utilize systems designed to detect and mitigate cybersecurity threats.
- We perform regular stress testing to determine if systems and procedures are working properly.
- We maintain an Incident Response Plan that is reviewed annually by our Incident Response Team.
- Our Incident Response Team is a group composed of individuals from both within and outside of Haverford. It is activated in response to a computer security incident and empowered to resolve the incident as quickly as possible. This Team is headed by the Security Officer and engaged for any level of incident, but may not activate all members in every case.
- Our Information Technology Team reviews and tests our Business Continuity and Disaster Recovery Plans on an annual basis.
- We enforce vendor management policies and procedures intended to ensure our partners have proper cybersecurity controls in place before we engage them.
- We undergo risk assessments and audits performed by 3rd parties on an annual basis.
- We provide a secure client website with secure socket layer (SSL) encryption.
- We are regulated and reviewed by the Federal Reserve Bank and PA Department of Banking.