The U.S. Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P which require investment adviser firms registered with the SEC to adopt written policies and procedures for incident response programs to address unauthorized access to or use of customer information including procedures for providing timely notification to customers affected by an incident involving sensitive customer information.
Category Archives: Incident Response Plan
In this new environment of working from home during the COVID-19 pandemic, it’s important for investment adviser firms to remember to conduct initial and ongoing due diligence of the cybersecurity policies and practices (including incident response plans) of third-party vendors which maintain confidential information of your investment advisory clients and provide services through the cloud over the Internet.
