DATA PRIVACY MANAGEMENT
As referenced in the CMS system, the firm is diligent in maintaining data security, both physical and electronic security, and administrative controls to avoid any loss of privacy and data.
1. Secure access in all egress and egress points to any of our offices.
2. Secure access between public waiting areas and non-public firm offices.
3. Secure access to file rooms and server rooms.
4. Use closed-circuit monitoring throughout the office and exterior to the building.
1. Use of secured data transfers, including encrypted email and related programs.
2. Use of firewall.
3. Employee third-party interest site access restrictions.
4. Maintenance of security patch updates;
5. Use of secure offsite backup for encrypted data.
6. Continuous scanning for viruses and malware throughout our system.
7. Frequent security integrity scans.
8. Oncoming claims data is managed electronically.
1. New user security policy.
2. Clean decks policy and security policy including visitor policy.
3. Approval for any use of removal media by employees and third-party vendors.
4. Security integrity policy.
5. Document retention and purging policy.
Saldutti Law Group is an effective security and compliance partner in:
- SOC-1 Type 1 Certified
- Vulnerability assessment and penetration testing
- ISO 27001/2
- Shared Assessments – standardized information gathering questionnaire and/or agreed upon procedure assessment preparation
ONGOING COMPLIANCE GUIDELINES
The firm continually undertakes risk assessment and maintains an ongoing review concerning risk both internally and externally. The firm continually evaluates clients' requirements concerning intricate compliance in regulatory area. The firm takes extensive steps in order to understand its regulatory responsibilities and intricacies of the financial markets.
Saldutti Law continually upgrades its operational efficiencies in order to reduce errors and provide quality assurance to our financial and other creditors. Our state-of-the-art service delivery model allows for operational efficiencies.
The firm maintains extensive written policies and procedures concerning the above areas. The firm maintains extensive training procedures, including job specific training, to ensure full compliance with all company policies and procedures. These include current threat assessments and constant security awareness training.
Saldutti Law undertakes vigorous vendor management overview and oversight, including non-disclosure agreements and related investigatory processes to ensure that the risk and information security and regulatory compliance requirements are met.
The firm's security controls continually assess confidentiality, integrity, and availability. The CIA is critical to the firm's success and in the environment that the firm operates and conducts its business on behalf of its clients. The firm has been on the cutting edge for business continuity and disaster recovery plans, including data backup and network monitoring and cross-training employees. The firm's implementation of various procedures and processes has allowed it to achieve continued success with third-party vendor audits.
If you have any questions or would like to further review Saldutti Law Group's Compliance and Privacy Regulations and Guidelines, please contact us here.