At Cetera Financial Group (Cetera) we recognize and respect the importance of our clients’ security, and we take the protection of our clients’ personal information seriously. Cetera provides our representatives with a variety of financial software to assist in the day-to-day maintenance of client accounts. This Internet Security Statement covers the measures that Cetera takes to help secure the personal information of our clients. Cetera maintains a comprehensive Information Security Program based on ISO 27001/27002 and NIST SP 800-53 standards. The program is comprised of administrative, technical, operational and physical safeguards that are designed to protect the personal information of our customers. Some of the core features of the program include:
- Policies, standards, processes and guidelines that govern information technology resources to protect information assets and safeguard personal information
- Technologies such as firewalls, encryption, endpoint protection, intrusion detection, intrusion prevention, Virtual Private Networks, log aggregation and analysis, SPAM Filtering as well as data loss prevention
- Verification of security controls conducted both internally and by independent third parties
- Ongoing internal and external threat and vulnerability assessment and remediation
- 24/7/365 monitoring of our systems and networks to detect weakness and potential intrusions
- Processes executed at consistent intervals designed to continuously assess and remediate potential security risks
- Continuous identification, assessment and management of enterprise and branch level risk
- Due diligence to manage risk when selecting and retaining external vendors and service providers that help us service your needs
- Continuous and mandatory security awareness program for all staff and branch personnel
- Continuous training of staff in financial and technology best practices, products and processs
Encryption technology is designed to secure personal and confidential communications between your computer and Cetera servers, so that they are protected from being read by any third parties. Cetera web and mobile applications require a minimum 128-bit TLS encryption, which is the de-facto industry standard for encrypting and safeguarding websites.
“Cookies” are small items of data that websites store in your browser. These data files contain information the site can use to track and organize the pages you have visited. Some Cetera websites use “cookie” technology to measure site activity and manage your active sessions. This helps us deliver a superior website experience that is fast, secure, and personalized.
Sessions and System Inactivity
All Cetera websites allowing access to client personal information require all users to log in with a user name and password. While you are logged in, if you leave your browser window open, Cetera applications will automatically log you out after a period of inactivity. Similarly, if you close your browser window or mobile application window without logging out, you will be automatically logged out. Both of these measures are designed to protect your information from unintended access by a passerby or different user of your computer.
Other Security Measures
Cetera engages in a number of other security activities to help ensure the safety and privacy of our clients’ personal information. Cetera’s Information Security Program is comprehensive and is designed to allow our representatives to use the tools and software we provide with confidence.
Note: Due to the ongoing nature of security monitoring, this Internet Security Statement is subject to change without notice to you, so we recommend that you review it regularly.
200 N. Sepulveda Boulevard, Suite 1200
El Segundo, California 90245