Security Overview
The ActiveDisclosure is a highly secure environment leveraging advanced security capabilities to help protect clients’ most sensitive financial data against today’s security threats.
Our systems, processes and experts leverage numerous tools to secure our clients data
SOC 2 Type II audits
Data is encrypted end-to-end while in transit via TLS v1.2
AES 256-bit encryption used to protect data at rest
AES 256-bit encryption used to protect database files
Fully supported Multifactor Authentication and customer Single Sign-On (SSO) integration
Static and Dynamic Application Security Testing technologies (SAST/DAST) are integrated into DFIN’s software development cycles to identify security risks prior to releases
Azure Key Vault used for key storage
Comprehensive, ongoing vulnerability scans are conducted across all applications to quickly identify and mitigate cyber vulnerabilities
Use of next-gen antivirus and antimalware technologies
Commitment to GDPR and other data protection regulations
Annual third-party penetration testing with each finding’s remediation effort independently validated
Extensive employee security awareness and training
Rigorous governance and compliance controls
AD SOC 2 Type II
Annual ActiveDisclosure SOC 2 Type II audit and report
Global Capital Markets
Annual Global Capital Markets SOC 2 Type II audit and report
AICPA Trust Service Principles
Rigorous governance program is in place leveraging the AICPA Trust Service Principles of Security, Availability, and Confidentiality
Penetration Testing
Annual third-party Penetration Testing for independent verification of ActiveDisclosure’s security posture
- Findings are reviewed and resolved according to DFIN policy
- The third party is brought back to validate that the remediation was effective
- Executive Summary reports are available for client review
Infrastructure
Comprehensive Network
Infrastructure Security controls are in place (firewalls, IDS & IPS, logging, and security monitoring)
Oversight
- Regular network and server vulnerability scans
- Regular OS patching (Microsoft security patches are applied each month)
- Regular backup schedule
- Hosted in Microsoft Azure
DFIN Security Team
Led by Dannie Combs
SVP, Chief Information Security Officer
Enterprise Security team supporting Security Incident and Response, Application Security, Network Security and Security Governance, Risk and Compliance, further supporting:
- The use of security tools and utilities to scan and monitor DFIN assets
- Security Response Team and process in place to address any potential vulnerabilities or events
- Security monitoring and logging
- Policy management - comprehensive policies including Information Security Policy and Security Awareness annual employee training
- Cybersecurity incident response
- Frequent, ongoing employee training programs and best practices
We can provide additional information, including our SOC 2 type II report, once a Non-Disclosure Agreement is signed.
call +44 203 047 6100