Thought Leadership  •  February 03, 2022

Start the Conversation

Honeypot Field to Catch Bots
Honeypot Field to Catch Bots

FAQ: New ActiveDisclosure Security and Privacy

DFIN has created this document to answer some commonly asked questions regarding the security and privacy of the new ActiveDisclosure software. It is important to note that DFIN is continually improving security and privacy.

1. What is the new ActiveDisclosure by DFIN?
The new ActiveDisclosure is purpose-built, cloud-hosted, browser-based software offering seamless integration, simple and fast onboarding, and a variety of intelligent core filing tools for finance professionals. It was developed by our team of experts with the support of partners and clients using modern technologies to transform financial reporting and SEC filing.  

2. Why did DFIN create the new Active Disclosure?
DFIN wants to provide existing and future clients with the necessary tools and support needed for secure, fast, and efficient financial reporting and SEC filing, along with collaboration among their advisors and teams. The new ActiveDisclosure does this and more.

3. What security measures have been put in place since the new ActiveDisclosure was introduced?
Security is of the utmost importance to DFIN. Protecting clients, partners, and ourselves has always been critical to who we are and what we do. The new ActiveDisclosure has been secure since its creation and launch. Since then, DFIN has been making continuous improvements based on best practices and emerging technologies. DFIN clients have always had the opportunity to take advantage of the advanced security capabilities of our Enterprise Security team who are dedicated to protecting data, reports, and files.

4. How is DFIN working to protect clients of the new ActiveDisclosure?
DFIN is dedicated to protecting clients with measures and processes to secure their critical data and assets. This includes security testing and training, modern Secure Software Development Life Cycle (S-SDLC) practices and Continuous Integration/Continuous Deployment (CI/CD) practices, and next-generation protection & response and antivirus technologies to combat potential issues.

5. How secure is the new ActiveDisclosure infrastructure?
The new ActiveDisclosure has a comprehensive network and unique infrastructure security controls in place. This includes firewalls, IDS & IPS, logging, and security monitoring. DFIN also offers regular and monthly network, server, and OS vulnerability scans, OS patching including monthly security patches, and regularly scheduled backups hosted in Microsoft Azure.

6. How does DFIN Global Enterprise Security support the new ActiveDisclosure?
The DFIN Global Enterprise Security team monitors new ActiveDisclosure 24x7x365 for any anomalous activity.   Also, the team supports new ActiveDisclosure clients through:

  • The use of state-of-the-art security tools and utilities to continuously scan and monitor DFIN assets
  • An in-house Cyber Defense team complimented by third-party cybersecurity services
  • Employee security awareness training for all DFIN employees
  • Proactive security monitoring and cyber incident response

7. Can DFIN share more details about its new ActiveDisclosure security operations?
DFIN Security Operations provide support to all clients. System logs are aggregated, correlated, and monitored 24x7x365 days a year. The DFIN monitoring platform identifies malicious behavior and Tactics, Techniques, and Procedures (TTPs) known to be used by threat or bad actors. The Cyber Defense team monitors connections into the DFIN VPN, Azure instances, and other critical services that may originate from high-risk ISPs and geographic locations.

8. What is DFIN Protect and how does it relate to the new ActiveDisclosure?
DFIN Protect is a security training program for DFIN associates that teaches cyber security best practices to better protect DFIN and its clients. The program includes enterprise communications to educate and address topics timely topics, monthly phishing simulation campaigns, security awareness training focusing on cyber threats, phishing awareness, social engineering, and more.