Data Security

1,000+

U.S. Firms

Use our FinCEN filing products today at law firms, accounting firms, fund management services, and real estate compliance providers.

150,000

Annual Filings

Flow securely through our Advalis solutions each year to FinCEN, supporting ongoing compliance for entities and their filing service providers.

SOC 2 Type 2

Certification protects client data. This rigorous standard and recurring audits assure security best practices and regular testing.

40+

State Associations

Including state bar associations, CPA societies, and real estate groups, work with our experts for continuing regulatory education courses.

Security Practices

  1. Defined Terms. Defined terms are indicated by capital letters and have the meaning set forth herein. “Personal Data” means any data or information, in any form or format, that relates to an identified or identifiable natural person or is otherwise subject to any Data Protection Laws in connection with the Agreement. “Security Incident” means the unauthorized or accidental access to or use, disclosure, alteration, loss, destruction, or other unauthorized or accidental processing of Personal Data or is a “Security Incident” or “data incident” under Data Protection Laws. “Data Protection Laws” means any applicable law or binding regulation related to data protection or privacy of Personal Data.
  1. SOC 2 Type 2 Certification: Company has achieved a SOC 2 Type 2 certification and may adhere to security standards in excess of those included on this exhibit as indicated on the SOC 2 report. Company will provide its SOC 2 report upon request but reserves the right to request execution of an NDA before sharing this report.
  2. Security Incident Notification. In the event Company has knowledge of or reasonably suspects a Security Incident of Personal Data or involving the Services, Company will notify Customer in writing within 48 hours, preserve pertinent information with respect to the Security Incident, and cooperate fully and keep Customer advised of the status of such Security Incident and all related matters.
  3. Incident Response Plan. Company maintains a documented policy and procedure for incident response that specify actions to be taken when Company detects or becomes aware of unauthorized use of Personal Data or unauthorized Services access.
  4. Security Governance. Company identifies in writing a named individual as the Security Officer, identifies internal and external risks, assesses the sufficiency of safeguards, contracts with service providers capable of maintaining appropriate safeguards, and adjusts the security program as required.
  5. Access Control. Company requires Staff to authenticate to the Services using a unique account ID and password and, where possible, use multi-factor authentication for privileged account login, review access to Services regularly, have access control processes and procedures, and restrict access to Personal Data on a “need to know” basis.
  6. Risk and Vulnerability Assessments. Company performs security risk assessments and penetration tests to assess and audit the risks to Personal Data and the Services and conducts periodic audits including contracting external penetration tests and operating security bounty campaigns.
  7. Patch and Vulnerability Management. Company deploys all applicable security patches commensurate with the applicable risk and maintains a documented patch management and distribution process.
  8. Encryption. Company utilizes encryption to protect all Personal Data in-transit and at rest.
  9. Network and Systems Management. Company utilizes network and other security architectural components to protect the Services that process Personal Data and are accessible from the Internet or other public network and utilizes firewalls that limit traffic between network segments based on source IP address, destination IP address and specific ports.
  10. Remote Access. Company utilizes encryption to secure and protect remote access connections, requires authentication using industry standards and limits remote access into the Services.
  11. Business Continuity; Backups. Company will document policies and procedures, perform regular backups and keep backups for six months.
  12. Logging and Monitoring. Company maintains audit logging and log monitoring policies and procedures and records relevant security event logs for Services that process Personal Data.