Investment advisers must protect records that contain certain clients’ non-public, personal information. In efforts to safeguard client records and information, investment advisers should have in place a written information security plan. The main purpose of developing and implementing a strong written information security plan is to make sure that investment advisers have written policies and procedures in place to protect clients’ personal information. Investment advisers’ information security written policies and procedures must be reasonably designed to ensure the security and confidentiality of client records and information and to protect such records and information against any anticipated threats, hazards or unauthorized access or use.