Ensuring the security of customer data is a top priority for Envision. Here we briefly outline the policies we apply in our cybersecurity work to identify and mitigate risks.
Guiding Principles
At the heart of our cybersecurity strategy lies a multi-layered approach built on industry best practices and frameworks such as ISO/IEC 27001 and 27002, the NIST SP 800 series, and FINRA guidance. These frameworks provide a solid foundation for addressing evolving cybersecurity challenges and for meeting regulatory requirements.
Software Development
Our software development practices are guided by controls and best practices derived from ISO standards and OWASP guidelines. By aligning our development practices with the risks relevant to our industry and employing auditable controls, we ensure that our software incorporates relevant best practices from inception to delivery.
Our secure application development policy encompasses key areas such as risk-ranking software modules, delineating roles in development, and emphasizing authentication and authorization. Additionally, we conduct thorough in-house and third-party security testing to identify and address vulnerabilities in internet-facing applications.
Software Delivery
For managed service offerings, we combine ISO 27002 best practices with our hosting partner's procedures to protect data and to monitor access points for intrusion. Regular vulnerability assessments and penetration tests are conducted to identify and mitigate potential areas of exposure.
Testing
Beyond implementing controls, we subject our systems to annual audits by external auditors to validate that the controls are effective, and we rely on the SOC 1 and SOC 2 examinations of our datacenter provider for the infrastructure it operates. Additionally, we conduct preventive reviews and post-development testing to ensure the security of internet-facing applications and infrastructure.
Protecting Data Across Its Lifecycle
Addressing data in all its phases (at rest, in transit, and in use) requires a structured, risk-based approach to cybersecurity. Data at rest must be protected through encryption and access controls; encryption at rest defends against lost or stolen media and exposed backups, while access controls are what limit a compromised or over-privileged account. Data in transit should be safeguarded using encrypted connections that verify the identity of the remote endpoint, since an encrypted connection to an unverified party offers no protection against interception. Data in use should be governed by the principle of least privilege, so that only the identities and processes with a demonstrated need can access it, minimizing the impact of unauthorized access.
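As an added illustration of the "data in transit" control, the following Python example (written for this page, not Envision's own code) builds a hardened TLS client configuration and audits any `ssl.SSLContext` for the three settings that most often get weakened in practice: certificate verification, hostname checking, and the minimum protocol version. The function names and the threshold of TLS 1.2 are assumptions for the example; it uses only the Python standard library and makes no network connection.

```python
"""Added example (not part of the original policy page): hardening and
auditing a TLS client configuration for data in transit."""
import ssl
from typing import List


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context is acceptable.

    The checks mirror the policy text: an encrypted connection only protects
    data in transit if the peer is authenticated (certificate + hostname) and
    obsolete protocol versions are refused. TLS 1.2 as the floor is an
    assumption for this example.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


def hardened_client_context() -> ssl.SSLContext:
    """Client context that authenticates the server and refuses TLS < 1.2."""
    # create_default_context() loads the system CA store and sets
    # verify_mode=CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weakened_client_context() -> ssl.SSLContext:
    """The common 'make the certificate error go away' configuration.

    Traffic is still encrypted, but any party that can intercept the
    connection can present its own certificate and read the data.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weakened", weakened_client_context())):
        findings = audit_tls_context(ctx)
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

In a review or CI check, `audit_tls_context` can be run against every context a service constructs, so that a verification bypass added during debugging is caught before it reaches an internet-facing deployment.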
Conclusion
Safeguarding data in today's digital age demands a comprehensive cybersecurity approach. By adhering to industry best practices, engaging in independent verification methods, and adopting a structured approach to data protection, financial firms can mitigate risks and ensure the confidentiality, integrity, and availability of sensitive information.