Friday 4 November 2016

Staying safe - a few suggestions

FCA Regulated business owners are acutely aware of the need to protect the personal data of clients.

Firms will hold confidential customer information about finances, wealth, medical details and the like. Such information would be of great interest to those with criminal intent, and as a result Regulated Firms need to be able to reassure customers that their personal data is safe.


Here are a few questions that may be of use:


Does your Firm have a designated person responsible for the maintenance, storage and destruction of customer data?

Does your Firm have written procedures for the storage and destruction of both hard copy and electronic customer data including its secure disposal?

Does your Firm have arrangements to shred obsolete paper records?

If using laptops, does your Firm employ any additional controls around their use? Are files encrypted to ensure that they cannot be accessed by people outside of your Firm should the laptop be lost or stolen?

When disposing of obsolete equipment, do you ensure that any data on the device has been removed?

Does the Firm have up-to-date anti-virus and firewall software on all devices?

Does the Firm have a policy of regularly applying security updates to all software and devices?

Do you require passwords to be a minimum of eight characters / symbols and changed regularly?

Do you reuse the same password for different platforms / areas?

If the Firm has a wireless network (Wi-Fi), have you implemented a password protocol?

If a member of staff leaves, do you remove their access authorizations promptly?

Are all staff reminded of their personal responsibilities to keep data confidential and not to make unnecessary copies?

Does the Firm have procedures in place to test that back-up systems operate correctly?

Does the Firm have a Disaster Recovery Plan? When was it last tested?

Does the Firm use third parties to provide support? Were the vetting procedures (Due Diligence) adhered to?

Does the Firm permit remote access by third parties / staff?

Compliant Solutions Limited - experts in helping Financial Services Businesses deal with the business challenges of Financial Conduct Authority Compliance - for help contact ian@compliantsolutions.co.uk

