Vetting A Compliance Vendor: Why Data Security Can Make All The Difference

Looking for a differentiator? Information security will reveal more than you think

Data makes the world go round. It's practically a new currency. And like any currency, at some point someone will try to steal it.

This is exactly what's happening. Data thefts from companies large and small are very common and unlikely to subside anytime soon. In 2017, 179 million records were exposed: the result of 1,579 reported data breaches. In 2015, the financial services industry alone lost $28 million to data theft. A compliance vendor's approach to data security can teach you a lot about the company as a whole. It's a perfect differentiator for the age of Big Data.

Let's get physical
Building a data operation is like building a house. You don't build on anything but the best foundation. In IT terms that means servers and routers but it also means physical security, like locating the data center in an unmarked structure. It means fencing, guards, x-ray machines, and biometric checks. It means false entrances and vehicle blockades. It means locked server cages and cabinets. It means climate control and fire-suppression systems, because data can be compromised for reasons other than theft.

Next up is the server hardware itself. A good vendor replaces its servers on a regular basis, rather than getting by on old equipment that's increasingly vulnerable to failure. A good vendor also uses trusted technologies, backed by support and maintenance agreements that address the criticality of the supported service and ensure vulnerabilities can be addressed as they arise. Because they will.

On to network topology. Tier-3 is state-of-the-art. It means more redundancy. It means components can be replaced without interrupting data-center operations, and that the data center will operate at 99.98% availability. After that come failovers, so if a firewall has a failure another kicks in. Then there's virtualization software, also known as a hypervisor. This lets a single server host multiple virtual servers and shifts workload if a physical server suddenly dies. These layers of redundancy, at the hardware level and in the software stack, significantly reduce the probability of client sites going offline.

And don't forget about certifications. ISO 22031 addresses business continuity, certifying a company has plans in place for disruptive incidents. ISO 27001 is also critical. But remember, all these certifications mean minimum standards have been met. Press the vendor to determine if it's gone beyond them. In other words, do your due diligence.

A differentiator for the age
Moving nearer the top we come to technical controls. Defense-in-depth means data defenses working at multiple levels in the network. It means layers and levels and the firewalls in between. Beyond these processes at work in the guts of the network are endpoint security systems. Anti-virus and anti-malware software. Security information and event management systems. Patch management solutions. DDoS protection. A vendor serious about data security will also perform vulnerability tests on its own systems.

Finally we come to administrative security. In terms of the compliance software itself, look for a single-tenancy model. Look for single sign-on and role-based access control. Look for granular user permissions and encryption of data in transit and at rest. Ask about visibility walls. Data privacy is more and more seen as an integral part of data security. Determine if the software development life cycle includes static-application security testing, static-code analysis, and developer secure-code training.

Look for a vendor that understands the genuine benefits of seemingly simple things, like staff awareness and privacy training. And always keep in mind that security frameworks are continually evolving. Or rather, they should be. A good compliance vendor is continually looking for improvements across the framework. This is the general attitude and operational philosophy your prospective vendor should be getting across to you.

Compliance software vendors serve the needs of those in the financial industry. But while these specialist vendors need vast amounts of financial industry expertise to do what they do, they're far more software development companies than anything else. When vetting a compliance vendor, there are numerous aspects of the business you could focus on as a differentiator. Information security is one whose time has come. A vendor that takes data security seriously is a company to be taken seriously at every level.

For a more in-depth look at information security, and a step-by-step guide for using it to select your compliance software vendor, download a FREE copy of our latest deep-dive StarCompliance resource.
