Encyro helps you comply with FINRA cyber-security requirements in the following ways:
- Encyro maintains the confidentiality and integrity of data as required by FINRA.
- Encyro uses US federal standards compliant (NIST FIPS 140) encryption technologies.
- To maintain data integrity, Encyro maintains encrypted data backups at multiple data centers, separated by hundreds of miles.
- Encyro maintains organizational data security procedures and policies consistent with FINRA, HIPAA and GDPR requirements.
- We provide you with audit logs (activity logs) of all account activity. These logs are maintained for all Encyro accounts and are available to you from the Settings page if you have an Encyro Pro (including the Encyro Pro trial) account. Because all data and activity logs are retained and easily available, this helps you comply with data retention and FINRA audit requirements with ease.
- We make it easy for customers to send you encrypted messages and files (through the use of your Encyro upload page) – so they are less likely to fall back to email and put you at risk.
See the list of Encyro's data security and privacy safeguards here: https://blog.encyro.com/multiple-layers-of-security/
Since Encyro is not a broker, dealer, or investment company registered with the SEC, we cannot claim to be FINRA compliant ourselves. Rather, using our online service for your data security needs can help you become FINRA compliant.
The FINRA Small Firm Security Checklist (worksheet titled Section 3), recommended by FINRA here, asks you the following question related to your use of third-party services for your data: Do you transmit PII or firm sensitive information to a third party, or otherwise allow access to your PII or firm sensitive information by a third party?
To help you fill out your checklist, please see the suggested responses below for the items under that section:
| FINRA Section 3 Question | Suggested Response |
|---|---|
| Name of Third-Party Organization | |
| PII or Firm Sensitive Data transmitted to Third-Party Organization (Y/N)? | |
| Risk Severity Level | High (see note below) |
| Is it necessary for the Third-Party Organization to access the data transmitted (Y/N)? | Y (to provide secure data sharing with clients) |
| Have you assessed the Third-Party Organization to ensure that they have effective security practices (Y/N)? | |
| Are there controls in place to isolate Third-Party Connections from your critical assets (Y/N)? | Y (Log out of Encyro.com and close the browser. At that point, no Encyro software runs on your computer or mobile device.) |
| Remediation Needed? (Y/N) | |
Risk Severity level: This describes the risk associated with the data you store/share using Encyro. We have filled in “High” assuming you would share sensitive financial data that you and your customers want to keep completely confidential.