The Securities and Exchange Commission (SEC) is responsible for ensuring fairness for the individual investor and to maintain the integrity of the securities markets. Rule 17A is a federal mandate covering overall record keeping for the financial services industry. Sections 17a-3 and 17a-4 combine to require broker-dealers to create and preserve for the required retention periods a comprehensive record of their securities transactions, and of their securities business in general, in an easily accessible manner.
SEC applies to financial services and the SEC 17A requirements match those of FINRA.
In a continuing effort to ensure data confidentiality, integrity, and availability, Eyonic strives to maintain industry compliance for data protection, handling, and accessibility. As such, we provide for the following aspects of SEC Compliance:
Eyonic's Online Backup Provides:
|Board Oversight||Our Board of Directors oversee our information security policy, are actively engaged with its policies and procedures, as well as working with our employee practices development team to ensure we take every reasonable precaution to safeguard our customer's data at all times.|
|Written Information Security Program||We have a comprehensive written Information Security Plan that clearly documents our policies and procedures for all aspects of our services. This Plan includes security controls that safeguard customer information by preventing and detecting the unauthorized creation of, addition to, modification of, or deletion of records. We ensure that our staff understand the importance of our Plan and operate by all policies and procedures. The Plan is reviewed annually to ensure it continues to meet the needs for which it was created in the evolving environments of business and technology.|
|Risk Assessment & Remediation||We annually evaluate our own internal controls and processes for effectiveness and accuracy to verify the best possible policies and procedures are in place.|
|Administrative Safeguards||As part of our security controls, each employee is given a clearly defined set of roles and responsibilities in protecting our customer's data. Employees are trained about the importance of information security, sign customer confidentiality agreements, and employee access is based on the lowest permissions necessary to accomplish the responsibilities assigned to them.|
|A set of clearly defined policies and procedures for all of our services ensure our staff understand and cooperate with these procedures.|
|Physical access to our data centers is limited and strictly controlled. Only those employees with a demonstrated need are permitted access. Access is controlled by a series of technical controls such as physically keyed and/or combination locks on cabinets and safes. Physical access is documented and logged.|
|Third-party data centers are not used in conjunction with our services.|
|To ensure the secure transmission and maintain the integrity of customer information, we utilize industry standard 256-bit encryption for all documents in transit.|
|Customer information is disposed of in a secure way including, but not limited to, micro-cut shredding of paper documents, and NSA, HIPAA and HITECH compliant drive destruction for broken or replaced storage media.|
|Activity logs include the complete audit history of who accessed, modified, or deleted files stored within our services.|
|Access to files is available only to customers using valid credentials through an authenticated login; no anonymous sharing of files.|
|Internal support personnel may access customer accounts for support purposes only, but cannot open, modify, or alter files in any way. Support personnel with this access are limited to the lowest access level necessary while still providing sufficient customer support.|
|Granular access controls allow access to be granted based on the user and/or folder level depending on the service type.|
|Part of our security controls are to continually gather and analyze new information regarding security threats and vulnerabilities to keep all systems as secure and up to date as possible.|
|We promptly revise our controls and procedures to adapt to new threats as they arise and ensure the effectiveness of our policies.|
Private information, financial or otherwise, stored with Eyonic Systems does not get shared, viewed, distributed, monitored, or copied by any third party which helps support SEC compliance for financial services. SEC is a financial services obligation and Eyonic Systems takes every reasonable safety precaution to protect the integrity of all private information stored within, which provides our customers with the tools needed to work in a SEC-compliant manner.
To learn more about SEC Compliance, financial services and regulations, please visit the SEC Interpretation: Electronic Storage of Broker-Dealer Records page.