Carlson Capital Management Security
We use many controls to protect data at Carlson Capital Management. Our electronic data resides in a secure data center, with a documented disaster recovery plan that includes redundant and failover servers, routers and switches. We employ an advanced access control framework that enables secure authentication, records logs of user activity and allows administrators to control which users have access to servers, applications, files, and folders. Limiting who has access to our system dramatically reduces the chance of an unauthorized party accessing confidential data. Data center operations staff follows a best practice system-hardening process to strengthen our core systems and network devices from potential attacks.
Data Center Security
- Vulnerability Scans: Regular vulnerability scans are performed to help ensure systems are configured appropriately to reduce the likelihood that vulnerabilities will impact operations.
- Penetration Tests: Periodic penetration tests are performed to help ensure controls are operating as intended. Various scenarios have been used for different tests and processes continue to be changed periodically.
- Audits: SSAE 16 SOC 1 Type 1 and SOC 2 Type 2 audits help evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy.
CCM Client Portal
We encourage you to consider the CCM Client Portal if you are not already utilizing this service. To register please click here, or you can call and speak with any member of our client servicing team.
CCM Business Risk Mitigation Committee
We have an internal committee of colleagues who meet semi-monthly to review the firm’s business practices and procedures with the intent of identifying and addressing potential areas of risk mitigation. The committee consists of our chief compliance officer, compliance administrator, two advisory team members, our corporate administrator, manager of client servicing, and directors of investments & research, marketing & communications and technology.
We share this with you to underscore the importance of our practice of not accepting trade, wire or account transfer requests via phone messages or email. All such requests are required to be made by a live phone call, or in person. We pride ourselves on knowing you and providing personal customer service at CCM and it is never our intent to offend you if we ask you to verify your identity—it is because of the increasing frequency of fraudulent attempts.
We hope these communications on data security have been helpful to you. Again, please contact any of us at Carlson Capital Management if you have questions.