Commitment to Information Security

Smith & Associates has established a comprehensive information security strategy to ensure our information’s privacy, security, confidentiality, integrity, and availability and to protect such information against unauthorized access, use, and dissemination.

Information security functions at Smith are managed by its information security program, which is a well-staffed, well-organized, and well-managed operation designed to comply with regulatory mandates and guidelines and to protect its information assets. The program’s responsibilities include assessing policies and guidelines, assessing/controlling/mitigating risk, threat evaluation, monitoring, coordinating emergency response, and communicating information security issues to Smith & Associates’ executive leadership.

Smith & Associates incorporates fundamental information security functions to comply with the evolving array of regulatory mandates, including

To ensure compliance with all relevant laws and regulations, the validation of all security functions is integrated into Company procedures. It is periodically evaluated by the information security team, the internal audit team, and the Company’s external auditors.

Smith & Associates concerns itself with all facets of information security, including the effective risk management of the technologies it uses. The Information Security Office (ISO) has been developed and tasked with ensuring the privacy, security, confidentiality, integrity, and availability of our information. As part of the Office of Information Technology, the ISO posture and assessments address such fundamental practices as information security policies, organization of information security, human resources security, asset management, access control, cryptography, physical and environmental security, operational security, communications security, system acquisition, development and maintenance of supplier relationships, information security incident management, information security aspects of business continuity management, compliance.

Smith & Associates utilizes modern technology solutions to meet information security goals. Some examples of technologies in use include anti-virus management software, host intrusion detection, network intrusion detection, firewalls, and vulnerability scanning tools. In addition, the integrity of all such programs is reviewed for their ability to be integrated into the Company’s procedures and are routinely evaluated and adjusted as needed.

Smith & Associates is committed to providing vigilant, strategic, proactive information security, employing the administrative, technical, and physical safeguards appropriate for a global institution of its size, complexity, and activities.