PURPOSE

The nature of our services requires that we obtain nonpublic, sensitive and confidential information about our clients and their service providers. The security and privacy of this information is of the utmost importance to BFS-MC Group. While it may be necessary to share your information in certain circumstances (i.e. conduct business on your behalf with life insurance carriers), we do not sell your information. BFS-MC Group takes the responsibility of protecting your information very seriously and has implemented technical, administrative and physical controls to safeguard all data. The following are just some of the ways BFS-MC Group works to keep client information safe.

TECHNICAL

BFS-MC Group Uses Layers of Technical Controls to Protect Our Clients’ Information

Antivirus
BFS-MC Group uses antivirus solutions to protect against malicious code that could compromise client information or damage company systems.

Email filtering
BFS-MC Group actively filters incoming email messages for phishing and spam attacks.

Encryption
BFS-MC Group encrypts client information accessed through online account access services to prevent unauthorized users from viewing that information. Company policies require client information stored on mobile devices used for business, including laptops, tablets, and smartphones, to be encrypted as well.

Firewalls
BFS-MC Group stores client information on its internal network, which resides behind a corporate firewall designed to prevent unauthorized external parties from accessing that data. 

System activity monitoring
BFS-MC Group uses a variety of resources to monitor systems to identify suspicious activity. Intrusion detection systems and data leakage protection systems reduce the risk of incoming attacks and information loss.

Administrative

BFS-MC Group Supplements Our Technical Controls with Processes, Procedures and Policies

Business need-to-know
Access to company systems is granted on a business need- to- know basis. Only those people who need access to a given system and its information to accomplish their job responsibilities receive that access.

Change control
BFS-MC Group uses a change control process to help ensure all changes to company systems maintain the confidentiality, integrity, and availability of those systems.

Corporate governance
BFS-MC Group has a strong governance system with multiple committees supporting information protection initiatives.

Cyber Security threat simulations
BFS-MC Group conducts cyber security threats via penetration testing to identify areas of program strength and opportunities for improvement.

Incident response
BFS-MC Group maintains a well-defined computer security and privacy incident response program, designed to contain and resolve any incidents efficiently and effectively. The program is periodically reviewed and exercised to train and ensure preparation for events.

Privacy
All new employees receive privacy training. In addition, an Enterprise Privacy team manages the privacy program for BFS-MC Group. Each department has a designated privacy liaison who supports the privacy program.

Internal and external IT auditors
BFS-MC Group’s internal and external auditors regularly review and assess BFS-MC Group’s information technology systems and operations.

Policies and standards
BFS-MC Group maintains written policies and standards for information protection. These policies and standards provide the foundation and guidance for BFS-MC Group’s information security, privacy, and risk management program.

Records management and sanitization
BFS-MC Group maintains a records management program that manages the lifecycle of BFS-MC Group’s information, including adherence to regulatory requirements and secure disposal of confidential information.

Risk assessments
BFS-MC Group performs risk assessments during the development and acquisition of information systems to help ensure those systems include appropriate protection of client information.

Security awareness
BFS-MC Group recognizes that end users are a critical component of an effective information security and risk management program. BFS-MC Group provides employees and financial representatives with security awareness and training, such as ongoing security awareness articles and events, training in company policies and standards, and simulated phishing exercises. 

Separation of duties
BFS-MC Group separates specific job duties to prevent a conflict of interest when appropriate.

Threat monitoring
BFS-MC Group works with internal teams and third-party industry security organizations to monitor its environment for existing and potential threats.

User access reviews
BFS-MC Group annually reviews user access to company systems to help ensure users maintain an appropriate level of access to those systems.PHYSICAL

PHYSICAL

BFS-MC Group Protects Your Information from Physical Harm and Theft

Building and data center physical security
BFS-MC Group controls physical access to its buildings and data centers. Restricted access helps to ensure the confidentiality, integrity, and availability of company systems and physical assets within BFS-MC Group.

Business continuity and disaster recovery planning
BFS-MC Group maintains and periodically tests defined business continuity and disaster recovery plans. These plans are designed to maximize the availability of company systems and information and recover from natural or human-made disasters as efficiently and effectively as possible.

Redundancy
As part of its business continuity and disaster recovery plans, BFS-MC Group maintains redundant data centers to help ensure the availability of company systems and client information.