Question 1

How do you protect data?

Derek DeHoog · Accepted Answer

FRM maintains an Information Security Program, administered by an employee or employees, which is anticipatory of foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality of FRM Content and Portal by way of: (a) using administrative, technical, and physical safeguards (collectively, “Safeguards”) to protect FRM Content and Portal; (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing Safeguards (collectively, “Safeguard Reviews”); and, (c) modifying and upgrading systems, system controls, procedures (including training of employees and management) as informed by the results of those Safeguard Reviews. Highlights of FRM's Information Security Program includes:

•A full time Chief Information Security Officer who is a Certified Information Security System Professional (CISSP);

•Bi-annual internal audits against ISO 27002:2013;

•Annual network penetration testing of external, internal, and special use applications;

•Mature, tested, and written BC-DR Plan with annual table top exercises and system fail overs to geographically disperse data centers mirrored at the level of operating system and application layers with live time replication of data layers to North American East and West coasts; and,

•Cyber Insurance.

Question 2

How do you protect data?

Derek DeHoog · Accepted Answer

FRM maintains an Information Security Program, administered by an employee or employees, which is anticipatory of foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality of FRM Content and Portal by way of: (a) using administrative, technical, and physical safeguards (collectively, “Safeguards”) to protect FRM Content and Portal; (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing Safeguards (collectively, “Safeguard Reviews”); and, (c) modifying and upgrading systems, system controls, procedures (including training of employees and management) as informed by the results of those Safeguard Reviews. Highlights of FRM's Information Security Program includes:

•A full time Chief Information Security Officer who is a Certified Information Security System Professional (CISSP);

•Bi-annual internal audits against ISO 27002:2013;

•Annual network penetration testing of external, internal, and special use applications;

•Mature, tested, and written BC-DR Plan with annual table top exercises and system fail overs to geographically disperse data centers mirrored at the level of operating system and application layers with live time replication of data layers to North American East and West coasts; and,

•Cyber Insurance.