Comprehensive Data Security and Risk Management
Terrapin Technologies is dedicated to the protection of client data. Robust security capabilities give clients peace of mind knowing that their digital assets are safe. As an aggregator of data, Terrapin is by definition entrusted with large amounts of highly confidential client information and holds the security of that data to be critical. Terrapin works relentlessly to maintain the confidence of its clients and to stay abreast of all technical and procedural best practices regarding the security of their data. Terrapin continuously enhances the tools and procedures that are used to enforce security and risk management policies. The following is an overview of the key components.
SOC 2 Type II Audited
The American Institute of Certified Public Accountants (AICPA) created the SOC 2 standards to govern how service providers, like Terrapin, protect client information. The SOC 2 has become the industry standard when it comes to service organizations having to perform annual compliance audits.
Risk Mitigation
Terrapin undergoes regular and rigorous internal security audits, penetration testing, and comprehensive client risk assessments. An effective risk management program is an ongoing commitment within Terrapin and an essential component to identify and mitigate threats to information assets.
Data Encryption
Encryption in Transit
- IDS/IPS – Intrusion Detection and Prevention.
- SFTP for secure file transmission.
- PGP encryption for data files.
- 2048-bit RSA certificates.
- Data is stored in the proprietary Oracle format.
- File servers and database files are encrypted using full-disk encryption protocol.
Disaster Recovery
Terrapin has multiple, geographically separated, data centers. All production hardware is replicated in the disaster recovery environment via real-time, bit-level data replication. In the event of a disaster, all operations run in the disaster recovery environment with all critical communication channels duplicated there. Terrapin’s disaster recovery plan undergoes rigorous testing on a quarterly basis.
Recommended Resources:
- AICPA SOC for Service Organizations: Trust Services Criteria: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
- NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
- FINRA Report on Cybersecurity Practices: https://www.finra.org/file/report-cybersecurity-practices
- SIFMA Cybersecurity Resources: https://www.sifma.org/cybersecurity-resources/