CCM Security

Carlson Capital Management Security

We use many controls to protect data at Carlson Capital Management. Our electronic data resides in a secure data center, with a documented disaster recovery plan that includes redundant and failover servers, routers and switches. We employ an advanced access control framework that enables secure authentication, records logs of user activity and allows administrators to control which users have access to servers, applications, files, and folders. Limiting who has access to our system dramatically reduces the chance of an unauthorized party accessing confidential data. Data center operations staff follows a best practice system-hardening process to strengthen our core systems and network devices from potential attacks.

Data Center Security

Our hosting provider performs the following information security testing:

  1. Vulnerability Scans: Regular vulnerability scans are performed to help ensure systems are configured appropriately to reduce the likelihood that vulnerabilities will impact operations.
  2. Penetration Tests: Periodic penetration tests are performed to help ensure controls are operating as intended. Various scenarios have been used for different tests and processes continue to be changed periodically.
  3. Audits: SSAE 16 SOC 1 Type 1 and SOC 2 Type 2 audits help evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy.

CCM Client Portal

The CCM Client Portal provides secure and anytime access to CCM quarterly reports and other CCM communications. The majority of our clients are using the portal to access their reports. In addition to this being a secure delivery vehicle, not printing your reports (containing account numbers and balances) helps to mitigate identity theft as well.

We encourage you to consider the CCM Client Portal if you are not already utilizing this service. To register please click here, or you can call and speak with any member of our client servicing team.

CCM Business Risk Mitigation Committee

We have an internal committee of colleagues who meet semi-monthly to review the firm’s business practices and procedures with the intent of identifying and addressing potential areas of risk mitigation. The committee consists of our chief compliance officer, compliance administrator, two advisory team members, our corporate administrator, manager of client servicing, and directors of investments & research, marketing & communications and technology.

Fraud Prevention

An update from Schwab reported that more than 90% of fraud attempts reported by advisors involved a falsified email. In other words, fraudsters use malware to steal email login credentials, then contact advisors disguised as the client.

We share this with you to underscore the importance of our practice of not accepting trade, wire or account transfer requests via phone messages or email. All such requests are required to be made by a live phone call, or in person. We pride ourselves on knowing you and providing personal customer service at CCM and it is never our intent to offend you if we ask you to verify your identity—it is because of the increasing frequency of fraudulent attempts.

CCM Privacy Policy and Related Practices

Each year we provide you with our Privacy Policy which outlines how we handle and maintain confidential personal information as we fulfill our commitment and our obligations to protect your privacy. A link to that policy is included here for your reference.

We hope these communications on data security have been helpful to you. Again, please contact any of us at Carlson Capital Management if you have questions.

Quick Links

CCM In the News

Recent Posts from CCM