Summary
This document is a guide detailing the Information Security Program implemented by AssetMark to ensure the security and integrity of data managed for financial advisors, clients, and vendors. It outlines various security controls, including governance and risk management, training and awareness, vendor management, security architecture, security operations, testing, and incident response. The governance structure includes multiple committees that oversee security-related risks and compliance. The Information Security Policy is reviewed annually and includes provisions for system access, IT governance, and physical security. The document also describes the Business Continuity Management Plan, which integrates disaster recovery processes and employee safety measures. Additionally, it covers vendor risk assessments and the implementation of security measures such as badge access, firewalls, and secure data transfers. Regular training for employees on security threats and incident reporting is mandated to maintain awareness and preparedness against potential security incidents.
