Security & Privacy Policy
For Vendor Due Diligence
For vendor due diligence, we provide our clients with a comprehensive Cybersecurity Package that demonstrates we abide by the same regulatory requirements you have to meet
Security & Privacy Policy Summary
Nonpublic Information (NPI)
FCI does not access, transmit, store or control NPI from its clients.
Cybersecurity Policies & Procedures
FCI has a comprehensive set of documented, current policies that are periodically reviewed, updated, and enforced. Such security policies specifically address the purpose and scope of FCI Services.
Compliance
FCI asserts that its security policies and procedures are compliant with the United States government regulations for the financial services industry and those that its clients has or may have provided to FCI and do not conflict. Where compliance and conflict issues exist, the parties will jointly work to fix such issues. FCI asserts that it meets applicable United States legal and regulatory requirements and commits to a timely implementation and demonstration of compliance procedures when such legal and regulatory requirements are created or updated. FCI asserts that it is exercising an appropriate standard of due care with respect to securing information assets, primarily accomplished through security policies, procedures, and practices that are documented and enforced.
Contingency Planning, Operational & Disaster Recovery
FCI implemented business continuity and disaster recovery (BC/DR) plans for critical assets and asserts that they are periodically tested and found effective. FCI has deployed operational redundancy (via a dual, high availability environment) in the event of a primary SOC failure and a failover site, physically and geographically separated from FCI’s primary site, which exists in the event of a natural disaster (earthquake, hurricane) or other circumstances that affect business continuity such as interruptions in local/regional utility service (communications, gas, electric, sewer, water). FCI can support periodic testing of its BC/DR plans. Such tests include impact scenarios that could potentially cause unacceptable interruption of FCI Services.