STATEMENT ON CYBER AND INFORMATION SECURITY
At Leading Retirement Solutions, Cyber Security is paramount. The multi-faceted principles of keeping sensitive information secure and providing assured protection of retirement plans, plan sponsors and their participants are a substantial, ever-evolving focus for LRS. With an emphasis on high technological standards, we stay ahead of the cyber security curve and lead you toward peace of mind that your savings and investments are protected. Here is a summary of the measures we take as a company to support the value of security.
The EBSA (Employee Benefits Security Administration) has outlined best practices for service providers for plan-related IT systems and data, so that retirement plan fiduciaries can make prudent decisions about their service providers. Leading Retirement Solutions’ best practices include but are not limited to:
- LRS has formal cybersecurity policies and best practices. These are reviewed throughout the year and updated as needed. Staff training and updates occur frequently.
- LRS performs risk assessment and security control audits.
- LRS engages in annual third party audits of security controls.
- All LRS staff commit to keeping client and corporate information secure. LRS promotes a culture of transparency and constant improvement – staff are empowered to speak up when they have ideas, questions, and/or notice issues.
- Staff only have access to systems on an as-needed basis. Strong passwords, secure connections and multi-factor authentication are implemented as available on all systems.
- LRS performs annual reviews of 3rd-party cloud systems and contracts to ensure certifications are maintained and best practices are updated accordingly.
- Formal cybersecurity awareness training occurs at least annually, with periodic training as needed, including to address industry updates/changes or significant cybersecurity-related events.
- Best Practices and policies are frequently reviewed and updated. Hardware and systems that no longer meet LRS standards are removed from the ecosystem.
- LRS has a robust business continuity plan that is reviewed several times per year and updated as changing needs and priorities may demand.
- Sensitive data is encrypted, as is transport of data between systems. LRS provides clients and partners access to secure file/data transfer tools.
- Technical controls are in place to ensure best practices are followed and working in accordance with LRS Cybersecurity policies.
- LRS has a robust network of partners to work with if/when any issues arise with systems (whether it be outages, hardware issues, cybersecurity threats, etc.).
LRS Cyber Security Policies:
Our Cyber Security Policies are consistently discussed with our team; we host interactive meeting discussions in conjunction with our documented policies to stay ahead of potential security risks and measures relative to handling sensitive information. Policies are acknowledged with thorough review and signature by each of our team members upon hire and renewed on an annual basis. In addition to the scheduled review and signing of policies, our policies are available to our team members at any time to stay current and informed on any Cyber Security Policies. Our Cyber Security policies include but may not be limited to:
- Administrative Policies
- Incident Response & Business Continuity Policies
- Mobile & Removable Device Policies
- Technical Policies
- Disaster Planning and Maintaining Business Continuity Policies
LRS Quarterly Cyber Security Trainings:
These online interactive courses cover the basics of privacy/data security for individuals who handle sensitive information. Courses are assigned, and course completion is tracked for compliance and regulatory purposes. In addition to the scheduled quarterly trainings, our training modules are available to our team members at any time to stay current and informed on any Cyber Security Industry updates. Our Cyber Security Trainings include but may not be limited to:
- Introduction to Breaches
- Social Engineering
- The General Data Protection Regulation
- Data Security
- Safeguarding Information
- Payment Card Industry (PCI) Training
- Healthcare Training
LRS Best Practices-Team Knowledge Center:
Our Best Practices-Team Knowledge Center holds many reference materials that are easily accessible to all team members at any moment. It is important that team members have tools easily at hand to support and maintain a high standard of security. Best Practices reference materials are reviewed and updated as needed on an annual basis. Our Cyber Security Best Practices include but may not be limited to:
- Securing your work environment
- Communicating securely
- Protecting information
- Working Safely
LRS Business Continuity Plan:
The Leading Retirement Solutions Business Continuity Plan (BCP) is designed to maintain all essential business operations in the case of any emergency. The plan is tested annually via several disaster scenarios and, in response to testing, is reviewed annually for needed updates. Our practice of annually testing the plan allows LRS to identify and examine the issues and capability gaps it is likely to face in recovering from business operation disruptions in multiple scenarios. In addition to the scheduled annual events mentioned, our Business Continuity Plan is available to our team members at any time to stay current and well informed on the measures we take to maintain our business continuity in potential unforeseen circumstances. Our Business Continuity Plan includes but may not be limited to:
- Program Administrations
- Business Continuity Organization
- Business Continuity Team Organization Chart
- Business Impact Analysis
- Business Continuity Strategies and Requirements
- Incident Management
Leading Retirement Solutions
(206) 430-5084 phone
(800) 974-2814 (toll free)
service@leadingretirement.com
www.leadingretirement.com
Our mission: to proactively support organizations and lead them toward a secure future.