Security

We Take Security Seriously

We stay in front of cyber and data security trends and issues. See how we keep your data and information safe and secure.

 

Adherence to the Highest Standards

Orion Advisor Solutions and its subsidiaries have adopted an Information Security Management System (ISMS) and is ISO/IEC 27001 certified. This certification is the highest security standard in the technology industry and verifies that we possess the required internal controls to operate, monitor and maintain an ISMS that:

  • Meet both US and international guidelines
  • Has been and continues to be reviewed and approved by accredited ISO auditors

 

Coverage to Give You Peace of Mind

Orion has access to a total of $45 million in Miscellaneous E&O/Cyber coverage, including excess coverage layers. That means we have the resources and protection to alleviate your risk concerns.

  • Meet both US and international guidelines
  • Has been and continues to be reviewed and approved by accredited ISO auditors

 

Other Ways We Protect Your Data:

 

Identification & Assessment of Risks

  • Asset Inventory
  • Business Impact Analysis
  • Defined Security Roles
  • Monitoring of Regulatory Requirements
  • Internal/External Vulnerability Scans
  • Documented Risk Management Process
  • Impact Likelihood

 

Protection of Network and Info

  • Access Control
  • Awareness & Training
  • Data Security Policies & Procedures
  • Backup Procedures/Data Replication
  • Routine Testing/Scans
  • Encryption

 

Oversight of Vendors & Third Parties

  • Separate “Guest” Network Visitor Policy
  • Internal/External Vulnerability Scans
  • Third Party Policy Includes Cybersecurity Responsibilities
  • Routine Testing/Scans
  • Controlled Access

 

Access Controls

  • Multi-Factor Authentication
  • Need-to-Know Access
  • New Hire/User Access Forms
  • Changes to Access Require Authorization
  • Internal Audit Review
  • Controlled Remote Access

 

Response & Recovery

  • Incident Response Policy
  • Communication Plan
  • Forensic Analysis of Events
  • Policies & Procedures Routinely Updated
  • Mitigation Activities to Prevent Expansion
  • Plans include External Support from Law Enforcement
  • Cybersecurity Insurance Policy

 

Detection

  • Incident Response Policy
  • Event Correlation Software
  • Defined Security Thresholds
  • Continuous Monitoring
  • Anti-virus/Malware Programs
  • Internal/External Vulnerability Scans