Data Protection FAQ’s

In today’s environment, cyber security is more important than ever. Laurel Hill has put in place a series of policies and protocols to ensure our- and our clients- data is protected.

 

DOES LAUREL HILL UTILIZE A MULTIPLE DATA BACKUP STRATEGY?

  • Laurel Hill processes and stores data primarily at the companies US headquarters located at
    2 Robbins Lane, Jericho NY 11788.

  • Additional/backup storage is located at the company’s Canadian headquarters in Toronto, ON, as well
    as at our Vancouver, BC offices.

HOW IS DATA ACCESSED?

  • Data is accessed via secure interface hosted by a custom version of Salesforce CRM.

IS DATA ACCESSIBLE REMOTELY VIA A DISASTER RECOVERY PROTOCOL?

  • Yes, data is accessible remotely via a secure SSL VPN interface.

IS THERE A RISK MANAGEMENT PROCESS IN PLACE?

  • Yes, our IT group monitors all processes and firewalls; monthly assessments are conducted and processes are modified according to industry trends or new developments, as needed.

HOW IS ORGANIZATION INFORMATION SECURITY (OIS) MAINTAINED AND MONITORED?

Organization Information Security is monitored and maintained in several ways:

  • Laurel Hill’s internal OIS Internal Policy is reviewed and updated yearly.

  • Each employee receives a background check and is required to sign the Employee Handbook which outlines
    our OIS procedures, and is required to review and accept the policy provisions prior to accessing the data portal
    every time they log on.

  • Employees who are working with sensitive data do so on a cloud-based custom version of Salesforce CRM ; downloading or local saving of data is blocked with our highly advance firewall.

  • In the case of employee termination, data access rights of said employee are removed immediately.

IS THERE AN ASSET MANAGEMENT PROGRAM IN PLACE?

  • All company hardware and software (licenses, etc.) assets are input into a data base and crossed referenced with the responsible employee.

  • Only IT and assigned senior management may access the Asset Database.

  • For Physical Media (documents sent to us by shareholders we are assisting, for example), there is a policy in place to ensure the document is destroyed/shredded prior to disposal.

  • Copiers, printers and fax machines utilize the 256*-bit Advanced Encryption Standard (AES) algorithm on all data before it is written to RAM and the hard disk drive. It also provides overwriting routines (up to 7-times overwrite) to ensure that all information is virtually irretrievable

WHAT ABOUT PHYSICAL AND ENVIRONMENTAL SECURITY?

  • Facilities and sensitive areas are protected by entry controls (e.g., lock & key, badge readers, touchpad entry) to ensure that only authorized personnel are allowed to access.

  • Our highly sophisticated surveillance systems of critical areas where footage is kept for 90 days.

  • PBX/telecommunication is controlled by using Voice over Internet Protocols (VoIP) networks, and all remote maintenance ports are located in the secure data center barring employee access.

HOW IS THE THREAT FROM VIRUSES OR MALWARE CONTAINED?

Laurel Hill’s Anti-Virus / Malware policy is forced from the IT department. All devices must have and are pre-loaded with anti-virus and Malware protection software.

  • Anti-Virus definitions are centrally managed from our servers and definitions are polling for updates
    every 15 minutes.

  • Anti-virus scans are performed on a scheduled basis once daily.

  • All operating system files and application access are locked down and require administrative access or
    application access permissions.

  • Laurel Hill’s IT department must allow devices MAC address on the network for access. Any device not
    allowed will be isolated and refused access.

IS THERE A BUSINESS CONTINUITY, BUSINESS RECOVERY OR DISASTER RECOVERY PLAN IN PLACE?

Our Business/Disaster Recovery plan addresses the following scenarios:

  • Fire; Severe Weather; Natural Disasters; Terrorism; System Failures; Pandemic; Political Unrest; Cyber Event.

  • Our plan ensures no more than 48 hours of outage for access to data; the average is less than 24 hours.