Page 78 - P&P11-05-2020-with-FAQ-JR
P. 78

78



               Information Security Policy

               CIS has appointed John Riley as the firm’s Chief Information Security Officer (“CISO”). The CISO is responsible for
               managing CIS’s information security program.

               Access Persons
               Access persons include any of CIS’s supervised persons who have access to non-public information regarding any
               client’s purchase or sale of securities, or information regarding the portfolio holdings of any reportable fund, or
               who is involved in making securities recommendations to clients, or who has access to such recommendations that
               are non-public.
               The following employee(s) will manage non-public information:
               Name           Title
               John Riley     Operating Manager
               Kara Kelleter   Office Manager
               Michael Curtis   VP Managed Accounts

               The following individuals also have access to this nonpublic information:
               Name  Title
                       Donna Stiness – Office Assistant
                       Susan Riley – Compliance Assistant


               The following former employees also have, or have had in the past five years, access to this nonpublic information:
               Name           Title         Date Terminated Notes, if any
               Desiree Dube   Assistant     03/15/2020



               Inventory of Technology Infrastructure
               On an annual basis, the CISO of CIS will make an inventory of the following:
                   ●  Physical devices and systems (computers, servers, etc.);
                   ●  Software platforms and applications (email applications, file management, etc.);
                   ●  Systems that house client data; and
                   ●  Third-party contractors that have access to systems, platforms, etc.

               CIS’s primary software platforms that may contain client data are summarized below.
               Type of System                              Name of System
               Customer Relationship Management (CRM)      Redtail
               Financial Planning                          NA
               Reporting / Portfolio Management            Black Diamond
               Email Provider / Hosting                    GSuite
               Email / Social Media Archiving              Global Relay
               Document Management / Storage               WDC Backup
               Portfolio Risk Management                   Riskalyze

               CIS utilizes cloud-based technology systems, which it believes provide increased information security capabilities
               including:
                   ●  Ability to leverage the established infrastructure of trusted technology industry leaders; and
                   ●  Improved system alert capabilities including better user activity logging and alerts related to unusual user
                       activity.

               CIS also recognizes that cloud-based technology systems create a greater reliance on passwords and user login
               security. In particular, CIS understands that certain users with administrative access to the firm’s cloud-based
   73   74   75   76   77   78   79   80   81   82   83