
Security Overview

The New ActiveDisclosure is a highly secure environment leveraging advanced security capabilities to help protect clients’ most sensitive financial data against today’s security threats.


Our systems, processes and experts leverage numerous tools to secure our clients' data

SOC 2 Type II audits

Data is encrypted end-to-end while in transit via TLS v1.2

AES 256-bit encryption used to protect data at rest

AES 256-bit encryption used to protect database files

Fully supported Multifactor Authentication and customer Single Sign-On (SSO) integration

Static and Dynamic Application Security Testing technologies (SAST/DAST) are integrated into DFIN’s software development cycles to identify security risks prior to releases

Azure Key Vault used for key storage

Comprehensive, ongoing vulnerability scans are conducted across all applications to quickly identify and mitigate cyber vulnerabilities

Use of next-gen antivirus and antimalware technologies

Commitment to GDPR and other data protection regulations

Annual third-party penetration testing with each finding’s remediation effort independently validated

Extensive employee security awareness and training

Rigorous governance and compliance controls

Service Organization Control (SOC) Reporting

New AD SOC 2 Type II

Annual new ActiveDisclosure SOC 2 Type II audit and report

Global Capital Markets

Annual Global Capital Markets SOC 2 Type II audit and report

AICPA Trust Service Principles

Rigorous governance program is in place leveraging the AICPA Trust Service Principles of Security, Availability, and Confidentiality

Application Security


Encryption

  • Data transmission is encrypted while in transit via TLS v1.2
  • Static and Dynamic Application Security Testing technologies are fully integrated into ActiveDisclosure software development lifecycles
  • AES 256-bit encryption is used to protect data while at rest
  • AES 256-bit encryption is used to protect database files

Identity Access Management

  • Multifactor Authentication and customer Single Sign-On integration fully supported
  • Azure Key Vault used for key storage

Threat Management

Performed continuously, leveraging state-of-the-art threat management tools

Penetration Testing

Annual third-party Penetration Testing for independent verification of ActiveDisclosure’s security posture

  • Findings are reviewed and resolved according to DFIN policy
  • The third party is brought back to validate that the remediation was effective
  • Executive Summary reports are available for client review

Application Development


Code reviews

Performed multiple times throughout the development process


Rigorous QA

Testing process is in place to identify potential issues early in the development process including SAST and DAST testing


SDLC and Continuous Integration / Deployment

DFIN embraces modern Software Development Life Cycle (SDLC) and Continuous Integration & Continuous Deployment (CI/CD) best practices aligned to a multi-environment (Integration, Quality Assurance, Staging, and Production) release promotion process

Infrastructure

Comprehensive Network

Infrastructure Security controls are in place (firewalls, IDS & IPS, logging, and security monitoring)

Oversight

  • Regular network and server vulnerability scans
  • Regular OS patching (Microsoft security patches are applied each month)
  • Regular backup schedule
  • Hosted in Microsoft Azure

DFIN Security Team

Led by Dannie Combs

SVP, Chief Information Security Officer

Enterprise Security team supporting Security Incident and Response, Application Security, Network Security and Security Governance, Risk and Compliance, further supporting:

  • The use of security tools and utilities to scan and monitor DFIN assets
  • Security Response Team and process in place to address any potential vulnerabilities or events
  • Security monitoring and logging
  • Policy management - comprehensive policies including Information Security Policy and Security Awareness annual employee training
  • Cybersecurity incident response
  • Frequent, ongoing employee training programs and best practices

We can provide additional information, including our SOC 2 type II report, once a Non-Disclosure Agreement is signed.
