FCI — Prospect Intake

Step 1 of 4

Prospect Information

Primary contact and firm details. This section can be filled by the prospect or the sales rep.

First Name *

Last Name *

Title / Role *

Company *

Email *

Phone

Company Website

How did you hear about FCI?

Step 2 of 4

Firm Type & Regulatory Profile

Select your primary firm type. This determines which regulatory and compliance questions appear next.

Firm Type *

⚖

RIA

Registered Investment Advisor — SEC / state-registered

⚙

Broker-Dealer

FINRA member — independent or branch network

☍

Insurance

Carrier or agency — NAIC Model Law

SEC or State Registered?

AUM Range

Number of Advisors

Last SEC Exam (year or approximate)

Do advisors work from home offices or personal devices?

Biggest compliance concern right now?

Number of Registered Reps

Number of Branch Offices

Type

Last FINRA Exam (year or approximate)

Do you have a written information security policy?

Biggest compliance concern right now?

Carrier or Agency?

Number of Appointed Agents

States of Operation

Subject to NYDFS 23 NYCRR 500?

Do field agents use personal devices for company business? (BYOD)

Biggest compliance concern right now?

Step 3 of 4

IT & Cybersecurity Environment

Help us understand your current technology landscape. This information is used to scope a proposal and prepare for the security assessment.

Total Endpoints (desktops, laptops, servers)

Number of Office / Branch Locations

Total Users (including remote)

Current Security / IT Vendor

Endpoint Management / EDR Tool

Is MFA enforced across all users?

Primary Cloud Platform

Microsoft 365 Google Workspace AWS Azure Other

Do you have a SIEM or SOC today?

Backup & Recovery Approach

Any cybersecurity incidents in the past 24 months?

Step 4 of 4

Security Readiness Self-Assessment

Rate your firm's current posture across six critical areas. 1 = no controls or visibility, 5 = fully enforced with evidence. Be honest — this helps us build a realistic proposal.

Firm-Level Governance

3

Written cybersecurity policies, incident response plan, board/executive reporting, vendor risk management, employee training program

No policiesDocumented & enforced

Endpoint Security

3

Device inventory, EDR/antivirus on every device, encryption enforcement, patch management, BYOD controls

No visibilityFull coverage & evidence

User & Access Controls

3

MFA enforcement, VPN/Zero Trust access, role-based permissions, offboarding process, privileged account management

No MFA / open accessMFA + ZTA everywhere

Network Security

3

Firewall configuration, network segmentation, intrusion detection, DNS filtering, wireless security

Flat network / no monitoringSegmented & monitored

Cloud Application Security

3

Microsoft 365 hardening, conditional access policies, data sharing controls, email authentication (SPF/DKIM/DMARC), Secure Score

Default configHardened & audited

Data Protection

3

Data classification, encryption at rest and in transit, DLP rules, backup testing, retention policies

No classificationClassified & encrypted

18

out of 30

Moderate Readiness — Gaps Likely