Bates Group partners with Summit Security Group to deliver cybersecurity policy expertise, recommendations, and policy templates, as well as a full suite of services for Registered Investment Adviser (RIA) firms, broker-dealers, and hybrid firms. Our comprehensive solutions provide both insights into the security weaknesses of your operating environment and as well as deliver the support you need to meet compliance obligations and objectives.
Annual Compliance Gap/Risk Assessment
During this type of engagement, our expert consultants will work with your firm to evaluate the cybersecurity safeguards currently in place as well as which investment adviser cybersecurity policy practices and safeguards fall short of industry standards or fail to meet regulatory requirements. This type of assessment is performed through interviews with key members of the staff, a virtual or physical facility walk‐through, document reviews, etc. The assessment results in a deliverable to your firm, describing gaps between operations and regulatory requirements and industry standards, as well as the potential risks associated with each gap. The report provides a list of recommended actions needed to close gaps in a firm’s cybersecurity policy and practices and reduce risk to a level deemed acceptable by the client
Internal Vulnerability Assessment and/or External Penetration Test
This type of engagement measures the ability of your firm’s technical infrastructure to withstand an attack launched by someone seeking to undermine the security of the systems or any data stored within them. During this type of assessment, security engineers use a variety of technical tools coupled with manual testing techniques to discover, describe and test weaknesses in the system. The result of this type of testing is a technically detailed report that documents vulnerabilities and weaknesses that could be exploited to compromise the confidentiality, integrity or availability of a firm’s systems and data. Our deliverable contains detailed technical proofs of concept and, like all our reports, recommended steps that should be taken to eliminate vulnerabilities and reduce risk
Policy and Procedure Development
The documentation of a thorough cybersecurity policy and a complete set of procedures is essential to maintaining a robust cybersecurity program and demonstrating compliance. Working with your firm, our team of experts can craft cybersecurity policies, operating manuals, or provide an investment adviser cybersecurity policy template describing the steps that staff need to take to protect your confidential data and support regulatory compliance.
Staff training is a critical component of a healthy cybersecurity program. Our team will work with your firm to provide cybersecurity training that covers industry standards and will help them understand critical areas of risk so they can implement appropriate processes. The training is designed to enhance your team’s overall understanding of your investment adviser's cybersecurity policy and security best practices as well as threats to your environment.