Client Information Security Policy

Purpose

The purpose of this Client Information Security Policy is to establish the guidelines and procedures Pi Advisors Global (“the Company”) will follow to ensure the security, confidentiality, and integrity of client information. This policy outlines the measures in place to protect against unauthorized access, disclosure, alteration, and destruction of client data.

Scope

This policy applies to all employees, contractors, and third-party service providers who have access to client information through their association with Pi Advisors Global.

Policy Statements

1. Information Collection and Use

– Data Minimization: The Company will only collect and use client information that is necessary for business purposes and service delivery.
– Purpose Specification: Clients will be informed of the purpose for which their information is collected and how it will be used.

2. Data Protection Principles

– Confidentiality: Client information will be treated as confidential and will not be disclosed to unauthorized individuals or entities.
– Integrity: Measures will be taken to ensure that client information is accurate and complete.
– Availability: Authorized users will have access to client information as needed for legitimate business purposes.

3. Access Control

– Authorization: Access to client information will be granted based on job responsibilities and the principle of least privilege.
– Authentication: Strong authentication mechanisms, including passwords and multi-factor authentication, will be used to verify the identity of users accessing client information.
– Audit Trails: Access to client information will be logged and monitored to detect and respond to unauthorized access.

4. Data Security Measures

– Encryption: Client information will be encrypted during transmission and storage using industry-standard encryption technologies.
– Physical Security: Physical access to systems and storage media containing client information will be restricted to authorized personnel.
– Network Security: Firewalls, intrusion detection/prevention systems, and other network security measures will be implemented to protect client information from cyber threats.

5. Third-Party Service Providers

– Due Diligence: The Company will conduct due diligence on third-party service providers to ensure they have adequate security measures in place.
– Contracts: Agreements with third-party service providers will include provisions to protect client information and ensure compliance with this policy.

6. Data Retention and Disposal

– Retention: Client information will be retained only as long as necessary to fulfill business purposes or as required by law.
– Disposal: Secure methods will be used to dispose of client information that is no longer needed, including shredding, erasing, or otherwise rendering the information unreadable.

7. Incident Response

– Incident Reporting: Employees and contractors must report any security incidents involving client information to the designated Incident Response Team immediately.
– Response and Mitigation: The Company will investigate security incidents promptly and take appropriate measures to mitigate any harm to clients and prevent recurrence.

8. Training and Awareness

– Security Training: Employees and contractors will receive regular training on information security best practices and their responsibilities under this policy.
– Awareness Programs: The Company will implement ongoing awareness programs to reinforce the importance of protecting client information.

9. Compliance and Monitoring

– Policy Compliance: Compliance with this policy will be monitored through regular audits and assessments.
– Legal and Regulatory Compliance: The Company will comply with all applicable laws and regulations regarding the protection of client information.

10. Review and Revision

– Policy Review: This policy will be reviewed annually and updated as necessary to address new threats, technologies, and business practices.
– Feedback: Feedback from employees, clients, and stakeholders will be considered in the policy review process.

Responsibilities

– Management: Ensure the implementation and enforcement of this policy.
– Employees: Adhere to the guidelines and procedures outlined in this policy.
– IT Department: Implement technical measures to protect client information.
– Incident Response Team: Respond to and manage security incidents involving client information.

Contact Information

For any questions or concerns regarding this policy, please contact:

Pi Advisors Global
Email: contact@piadvisorsglobal.com

By adhering to this Client Information Security Policy, Pi Advisors Global is committed to protecting client information and maintaining the trust and confidence of our clients.