Information security & privacy policies
Protecting data is imperative to maintaining our stakeholders’ trust. Our Global Security program promotes all aspects of information security risk and considers the confidentiality, integrity and availability of information assets in order to protect information assets. Our security controls, which identify threats, detect attacks and protect these information assets, are aligned with industry guidelines and applicable statutes and regulations. We have an incident response program that includes periodic testing and is designed to restore business operations in a secure manner.
We also have a privacy oversight and governance framework that includes our privacy strategies, privacy policy, guidance for maintaining compliance with privacy regulatory obligations and our approaches to managing risks related to privacy.
All security policies and standards align with the National Institute of Standards & Technology Cybersecurity Framework and applicable industry frameworks (e.g., ISO, FFIEC) and have been developed, reviewed and approved to support appropriate management of identified risks, align with regulatory and industry guidelines and safeguard Castle Finance Management’s assets. In addition, Privacy Impact Assessments are carried out as part of risk management for certain higher-risk processes undertaken by, or on behalf of, Castle Finance Management.
Transparency & privacy notices
We provide our clients with privacy notices and policies aligned to the services we offer and applicable local regulations. Our privacy notices outline aspects such as personal data we collect, why we collect it, how we use it and any and all rights applicable to such data.
Security & privacy expectations for vendors & service providers
We expect vendors and service providers to abide by our information security and privacy standards. Our global vendor relationship management program standardizes our approach for security and privacy risks related to the relationships we have with vendors and service providers.
As part of the global vendor relationship management program, our Global Security department has a defined third-party security and privacy risk program. Third-party security and privacy due diligence is performed during onboarding of a service and on a defined frequency, based on the risk tiers. The due diligence covers information (cyber) security, business recovery, privacy, technology management, and physical and personnel security expectations. We employ a robust process of questionnaires, third-party follow-ups and site visits when needed to evaluate and monitor these key risk areas.
Security & privacy training
To keep our employees, contract consultants and temporary employees abreast of security and privacy best practices and protocols, we provide them with regular training, including an annual mandatory security and privacy awareness training. Employees in business functions that interact regularly with customer data also participate in tailored security and privacy training.
We also require new employees, contractors, consultants and temporary employees to formally acknowledge Castle Finance Management’s Acceptable Use Policy and Code of Conduct, in addition to completing mandatory security and privacy awareness training upon hire. Existing employees, contractors, consultants and temporary employees must reconfirm acceptance of Castle Finance Management’s Code of Conduct on a regular basis.
We continuously promote security and privacy awareness through periodic alerts, messages and/or in-person presentations. One of the hallmarks of the 2021 security awareness program was offering topics that are relevant to recent external events or threats specific to Castle Finance Management. Castle Finance Management security awareness promotes a culture that encourages employees to report a security concern 24/7/365. Building on these initiatives, we implement security and privacy tools and exercises that provide additional concentrated messages and training. These include phishing tests, which are designed to simulate security and privacy events and incidents. These tools and exercises allow us to better assess our employees’ recognition of such events and inform new training and awareness programs that further our cyber and information security.
Security & privacy governance
It is our fiduciary responsibility to maintain the confidentiality of information relating to our clients and comply with the data protection requirements imposed by relevant jurisdictions. As such, we’ve established the proper maintenance, controls, processes and protection for our clients’ assets.
The Global Security Department (GSD) brings together Information Security, Global Privacy Office, Business Continuity & Operational Resilience, Corporate Security, Business Security Officers and Strategy, Projects & Governance in collaboration with Global Intelligence & Threat Analysis. This structure provides a comprehensive, holistic approach to keeping our clients, employees and critical assets safe while enabling a secure and resilient business.
The department is distributed globally to most efficiently provide the appropriate level of support anywhere in the world at any time, while simultaneously maintaining strong working relationships with industry peers, regulators, and intelligence and law enforcement agencies in those locations.
Changes to this Statement
Castle Finance Management may change this Statement of Privacy from time to time to reflect company and consumer input. Castle Finance Management invites you to review this Statement on a regular basis to stay up to speed on how Castle Finance Management is protecting your information.
Unsubscribe
We value your privacy and provide you with the option to opt out of receiving certain notifications. By emailing us at Castle Finance Management, users can opt out of receiving any or all messages from Castle Finance Management.
Castle Finance Management will never share your personal info with third parties.