WISP
I. Objective
In order to protect our clients’ privacy and personal information, we at Money Matters Financial Solutions have developed this Written Information Security Program.
This is a comprehensive set of guidelines and policies we have implemented in compliance with obligations under the Gramm-Leach-Bliley Act and the Federal Trade Commission Financial Privacy and Safeguards Rules, to which the Firm is subject, as well as other federal, state and international regulations and standards. This plan is reviewed periodically and amended as necessary to protect personal information.
II. Designated Employees to Maintain Security Plan
At Money Matters Financial Solutions, we have appointed Candice Belcher to be the designated employee in charge of maintaining, updating, and implementing our Information Security Program.
III. Internal and External Risk Assessment
In order to assess any risks of access to personal information, we have evaluated where that information may be present. Money Matters Financial Solutions may keep information or other sensitive information on our [Filing cabinets, servers, and desktop PCs], which are password-protected and locked.
Our internal computers are protected behind a firewall. Money Matters Financial Solutions' employees may from time to time need access to personal information. In order to ensure that none of this information is vulnerable to a breach, we have implemented the following policies:
- Employee Training
- All employees are responsible for maintaining the privacy and integrity of personal information. Any paper record containing personal information about any client or third party must be kept behind lock and key when not in use. Any computer file containing personal information will be kept password-protected. No personal information is to be disclosed without first fully authenticating the receiving party. When disposing of paper records containing personal information, a cross-cut shredder or outside shredding service will be used. Similar appropriate electronic methods will be used for disposing of electronic media. [Security Coordinator's Name] trains all new employees on this policy, and there are also periodic reviews for existing employees.
- Employee Compliance
- Any employee who discloses personal information or fails to comply with these policies will face immediate disciplinary action including the possibility of termination.
e. Detecting and Preventing Security System Failures
Money Matters Financial Solutions will provide regular network security audits in which all server and computer system logs are evaluated for any possible electronic security breach. These audits will be performed every 30 days. Additionally, all employees are trained to watch for any possible physical security breach, such as unauthorized personnel accessing file cabinets or computer systems.
IV. Keeping, Accessing and Transporting Personal Information
As mentioned above, Money Matters Financial Solutions will take all possible measures to ensure that employees are trained to keep all paper and electronic records containing personal information securely on-premises at all times. When there is a need to bring records containing personal information off-site, only the minimum information necessary will be brought; electronic records will be password-protected and encrypted, and paper records will be kept behind lock and key. Records brought off-site should be returned to the Money Matters Financial Solutions office as soon as possible. Under no circumstances are documents, electronic devices, or digital media to be left unattended in an employee’s car, home, or in any other potentially insecure location.
V. Disciplinary Measures
ANY employee who willfully discloses personal information or fails to comply with these policies will face immediate disciplinary action including the possibility of termination.
VI. Prevention of Terminated Employees from Accessing Information
ANY terminated employee’s computer access passwords will be disabled before the employee is terminated. Physical access to any documents or resources containing personal information will also be immediately discontinued.
VII. Third-Party Service Providers
Access to personal information by third-party service providers will be kept to a bare minimum. Any third-party service provider who does require access to information will be fully vetted.
VIII. Limiting Information Collected
Money Matters Financial Solutions is committed to collecting only the minimum of personal information necessary to accomplish our purposes; old information is also disposed of securely after 7 years or after whatever period is required by federal and state data retention requirements.
IX. Identifying Where Personal Information is Stored
We have identified the locations where personal information is stored on our network. Personal information is stored in the following: [Filing cabinets, servers, and desktop PCs].
X. Physical Access Restrictions
Money Matters Financial Solutions' offices and computer network are kept locked; third parties are not allowed physical access to records. Paper files that are not currently in use are kept locked in filing cabinets. In addition, electronic records are kept in databases and on servers which are behind multiple layers of electronic safeguards.
XI. Monitoring and Upgrading Information Safeguards
Money Matters Financial Solutions' appointed information security coordinator, Candice Belcher, will continually monitor and annually assess all of our information safeguards to determine when upgrades may be necessary.
XII. Annual Review
Money Matters Financial Solutions' appointed information security coordinator will also perform an annual review of our information security plan.
XIII. Documenting and Reviewing Breaches
Money Matters Financial Solutions’ information security coordinator will thoroughly document and review any breach that may occur. Records of this will be kept on file with our Written Information Security Plan.
XIV. Computer System Requirements
To combat external risks to the security of our network and all data, we have implemented the following policies:
a. Secure user authentication protocols:
· Unique strong passwords are required for all user accounts; all employees receive their own user accounts.
· Passwords are changed on a regular basis.
· Accounts are locked after 3 successive failed password attempts.
· Any terminated employee’s computer access passwords will be disabled before the employee is terminated.
b. Secure access control measures:
· Only employees who need access to personal information are given access to the proper folders.
· Each person has a unique password to the computer network. These passwords are not assigned by any vendor.
b. Encryption on Public Networks
We do not transmit unencrypted Personal Information across public networks under any circumstances.
c. Reasonable monitoring
Money Matters Financial Solutions performs a network security log audit every 30 days in order to detect any possible breaches.
d. Laptops and Portable Devices
- Any laptop or portable device which has personal information stored on it will be kept encrypted using a whole-disk or whole-device encryption solution at all times.
- Security Updates and Patches:
We use the [Firewall brand here] business class firewall and it is regularly monitored. Operating system patches and security updates are installed every 30 days to all of our servers.
g. Antivirus and Updates
We use the [Antivirus brand here] Antivirus software and it is kept updated on all servers and workstations. Virus definition updates are installed on a regular basis, and the entire system is tested and checked at least once per month.
- Education and training of employees on the proper use of the computer security system and the importance of personal information security.
- All employees are responsible for maintaining the privacy and integrity of personal information. All employees have been trained that any paper record containing personal information about any client or third party must be kept behind lock and key when not in use.
- Any computer file containing personal information will be kept password-protected.
- Money Matters Financial Solutions trains all new employees on this policy, and there are also periodic reviews for existing employees.
XV. Effective Date 1/2/2023