DFIN has created this document to answer some commonly asked questions regarding the security and privacy of ActiveDisclosure software. It is important to note that DFIN is continually improving security and privacy.
1. What is ActiveDisclosure by DFIN?
ActiveDisclosure is purpose-built, cloud-hosted, browser-based software offering seamless integration, simple and fast onboarding, and a variety of intelligent core filing tools for finance professionals. It was developed by our team of experts with the support of partners and clients using modern technologies to transform financial reporting and SEC filing.
2. Why did DFIN create Active Disclosure?
DFIN wants to provide existing and future clients with the necessary tools and support needed for secure, fast, and efficient financial reporting and SEC filing, along with collaboration among their advisors and teams. ActiveDisclosure does this and more.
3. What security measures have been put in place since ActiveDisclosure was introduced?
Security is of the utmost importance to DFIN. Protecting clients, partners, and ourselves has always been critical to who we are and what we do. ActiveDisclosure has been secure since its creation and launch. Since then, DFIN has been making continuous improvements based on best practices and emerging technologies. DFIN clients have always had the opportunity to take advantage of the advanced security capabilities of our Enterprise Security team who are dedicated to protecting data, reports, and files.
4. How is DFIN working to protect clients of ActiveDisclosure?
DFIN is dedicated to protecting clients with measures and processes to secure their critical data and assets. This includes security testing and training, modern Secure Software Development Life Cycle (S-SDLC) practices and Continuous Integration/Continuous Deployment (CI/CD) practices, and next-generation protection & response and antivirus technologies to combat potential issues.
5. How secure is ActiveDisclosure infrastructure?
ActiveDisclosure has a comprehensive network and unique infrastructure security controls in place. This includes firewalls, IDS & IPS, logging, and security monitoring. DFIN also offers regular and monthly network, server, and OS vulnerability scans, OS patching including monthly security patches, and regularly scheduled backups hosted in Microsoft Azure.
6. How does DFIN Global Enterprise Security support ActiveDisclosure?
The DFIN Global Enterprise Security team monitors ActiveDisclosure 24x7x365 for any anomalous activity. Also, the team supports ActiveDisclosure clients through:
- The use of state-of-the-art security tools and utilities to continuously scan and monitor DFIN assets
- An in-house Cyber Defense team complimented by third-party cybersecurity services
- Employee security awareness training for all DFIN employees
- Proactive security monitoring and cyber incident response
7. Can DFIN share more details about its ActiveDisclosure security operations?
DFIN Security Operations provide support to all clients. System logs are aggregated, correlated, and monitored 24x7x365 days a year. The DFIN monitoring platform identifies malicious behavior and Tactics, Techniques, and Procedures (TTPs) known to be used by threat or bad actors. The Cyber Defense team monitors connections into the DFIN VPN, Azure instances, and other critical services that may originate from high-risk ISPs and geographic locations.
8. What is DFIN Protect and how does it relate to ActiveDisclosure?
DFIN Protect is a security training program for DFIN associates that teaches cyber security best practices to better protect DFIN and its clients. The program includes enterprise communications to educate and address topics timely topics, monthly phishing simulation campaigns, security awareness training focusing on cyber threats, phishing awareness, social engineering, and more.
