As your financial advisors, safeguarding the personal and financial information you have entrusted to us and our team is of paramount importance. Of the many reasons we choose to partner with Commonwealth Financial Network® to help us manage your financial life, there is none more important than the comprehensive level of information security the firm provides.

We hope the information below answers the key questions you have regarding your data and how it’s handled. Of course, if you would like to discuss anything, please don’t hesitate to contact us.

All of the financial and personal information that is accessible to us and others in our office is managed on computers connected to Commonwealth’s proprietary, secure network. Each person in the office with access to your data has a unique secure login, and we are required to change our passwords every 90 days. Your data is kept at multiple redundant data centers managed by Commonwealth, which implements strong security controls to protect the confidentiality, integrity, and availability of your information.

Commonwealth has implemented policies and procedures, including a written information security program (WISP) designed to safeguard our clients’ personal information and assets. Commonwealth’s WISP complies with all applicable privacy and data security laws, and Commonwealth regularly reviews it to address and mitigate new risks as they develop.

Commonwealth uses sophisticated programs that monitor the transmission of sensitive client information. In addition, it has policies and procedures in place to verify customer inquiries and transaction requests.

Commonwealth has an Information Security team that investigates all incidents of privacy intrusion. The team determines the scope of the incident and which clients may have been affected. Commonwealth will notify clients if there is a material risk that an unauthorized party has accessed any client information and whenever notification is required by law.

In general, once it has been determined that an unauthorized transaction has occurred, Commonwealth will promptly reimburse clients for losses.

Commonwealth has obtained a privacy liability and network risk insurance policy to cover the costs associated with investigating and responding to breaches of client information. This policy covers, among other things, the costs associated with determining the scope of a breach, notifying clients, and offering credit-monitoring services to affected clients.

Yes, Commonwealth conducts ongoing risk assessments to determine cybersecurity threats and vulnerabilities that may impact its business. The firm performs cybersecurity risk assessments using third-party security companies, internal technology professionals, and internal audit staff. In addition, Commonwealth employees and advisors are trained to proactively identify and report potential risks to the Information Security team.

Yes, as noted previously, Commonwealth has a WISP in place, as well as various policies and procedures designed to protect client information. Its Information Security program deploys a defense-in-depth strategy, in which multiple layers of security are used. Safeguards include key-access door controls, network access and authentication controls, and data-loss-prevention software that monitors sensitive information moving into and out of the network.

Members of Commonwealth’s Information Security and Technology departments regularly review and perform internal audits of the firm’s policies and procedures to ensure restricted access to clients’ sensitive information and also to ensure that Commonwealth is compliant with all federal and state regulations.

Yes, Commonwealth maintains a $20 million privacy liability and network risk insurance policy to cover the costs associated with investigating and responding to breaches of client information. This policy covers, among other things, the costs associated with determining the scope of a breach, notifying clients, and offering credit-monitoring services to affected clients.

Yes, Commonwealth has hired several technology firms that specialize in information security to perform risk and vulnerability assessments and penetration tests. In addition, its Information Security team employs an experienced and credentialed staff of technology and privacy professionals.

Yes, all agreements with third-party service providers who may access sensitive client information include confidentiality language that describes each party’s obligations with regard to how they handle sensitive information. In addition, Commonwealth performs initial and ongoing due diligence on third-party service providers.

Yes, Commonwealth employs advanced encryption, state-of-the-art firewall technologies, and advanced antivirus and antimalware programs. Data is encrypted using advanced encryption algorithms.

Commonwealth’s policy requires all electronic communications with sensitive information to be sent via encrypted e-mail. Commonwealth provides us with a secure e-mail system for use when e-mailing sensitive information. In addition, Commonwealth policy requires us to verify all third-party distribution requests directly with our clients via telephone.