Exemplar Mortgages Limited provides regulated financial advice to retail clients associated with residential lending and holds confidential information about people’s assets and finances.
Virtually all levels of our business activity are related to technology, and we recognize that information systems and internet-connected devices are highly susceptible to malicious cyber activity.
This policy indicates the security practices we take to ensure our customers get the best value.
User Passwords
All devices that have access to Exemplar Mortgages Limited’s software (mobile phones, laptops, etc) are required to be password enabled and must be locked when left unattended, also the auto-lock setting must be enabled to minimise risks of information being compromised.
Login options from Google Workspace are prioritised when possible and we verify that passwords are unique between network devices and software.
Passwords are kept and managed using Password Safe and back-ups are run periodically.
Two Factor Authentication 2FA also noted as two-step verification is a requirement to login to our systems, reducing the risks of security breaches.
Culture and Personal Conduct
Maintaining client information confidential is one of the top values at Exemplar Mortgages Limited.
The importance of client’s confidentiality is highlighted to employees through:
- A confidentially agreement when employees sign a contract.
- Training provided to new employees as part of the onboarding process.
- Training when there are changes implemented by regulation entities.
Employees are encouraged to use all our cloud-based software when opening and reviewing client’s documentation, and avoid downloading any sensitive information to the laptop’s hard drive for extra security,
Access to employee’s laptops and mobile phones must be password protected and the auto-lock settings must be enabled.
Cloud Infrastructure
All our applications use third party service providers to store and process most of the information we collect. The use of cloud service providers offers several advantages:
- Built-in and enhanced security features like end-to-end data encryption. Information is encrypted on transit and when it is stored.
- Privacy and redundancy features (cloud servers are located overseas and databases are replicated for geo-redundancy as part of its Disaster Recovery Plans).
- The information stored or processed by them remains subject to confidentiality obligations.
- Our critical applications have logs enabled to allow us to monitor user’s activity and identify any breach in our database.
Hardware and Software
Hardware devices like laptops and mobile phones are automatically updated to receive the latest firmware, including security patches.
Our software providers have their own business continuity plans in place that provide the ability to monitor login activity and they have the ability to investigate, correct and recover information in the case of any security breach.
We require from our software providers the ability to use two factor authentication (2FA) to access their applications for an extra security layer.
Incident Management
Exemplar Mortgages Limited has a Business Continuity Plan in place that contains the steps required to be followed if there are suspicion or actual breach of data or systems.
All employees are required to report any security incidents so they can be properly investigated and mitigated accordingly. Any security incident will be managed as an opportunity to improve the services offered to you.
When a security incident is investigated and is assessed how it has affected specific parties; we will conduct a reporting to the required parties that can include the FMA, the Privacy Commissioner and affected clients when necessary.
Contact
For further information or to report any security issue, please contact admin@exemplarmortgages.co.nz