Effective Date: September 10, 2021
OneVest (“us”, “our”, “we”) maintains security practices to protect you (the “User”) and the information you provide to us from loss, theft, and other unauthorized use or misuse. We take security very seriously and want to keep you informed of the steps we take to keep you safe, without divulging so much detail that it creates unnecessary exposure.
- All of our services are hosted by AWS and protected under their security practices
- Application services are provided via a minimum of two availability zones and operate under a pilot light model in case of unexpected outages
- We maintain and practice a Business Continuity & Disaster Recovery Plan, including practicing tabletop exercises
- User account data is mirrored, regularly backed up, and stored in Canada and Europe
- We perform regular and varied penetration testing via third parties to assess vulnerabilities in our applications and services, with any issues promptly remediated
- We maintain a Responsible Disclosure Policy to facilitate the safe reporting of vulnerabilities discovered in our product or platform
- Third-party vendors, suppliers, and contractors are evaluated for compliance with our security policies and standards
- Our offices are secured with keycard access and are monitored with cameras throughout
- Our offices are further physically segmented from common spaces and areas where others may have access
- All staff are trained on security best practices during onboarding and, as necessary, throughout their employment
- All staff undergo credit and criminal background checks as a prerequisite of employment
- Access to tools, personally identifiable information, and production data is limited to a need-to-know basis
- All employee devices are encrypted, follow strong password policies, and use two-factor authentication (2FA) whenever available