Last Updated: 07/12/2019
Last Reviewed: 1/13/2021
Although Sycorr does not provide details of our key policies for public consumption, this notice outlines key aspects of policy and guidelines approved to be publicly distributed. As a matter of standard business practice, Sycorr has the following policies in place, with key elements of each policy highlighted below. All policies are reviewed, at minimum, on an annual basis. The executive team is responsible for verifying compliance with all policies.
- Disaster Recovery/Business Continuity Policy
  - All critical internal systems and processes have a recovery time objective (RTO) and recovery point objective (RPO) of one business day.
  - All other systems and processes have a maximum RTO of five business days and RPO of one business day.
  - Communication, succession, equipment replacement, criticality of service, data breach, and other key elements are contained within the policy, guidance, or plans.
  - Any client systems (SaaS) will have RTOs/RPOs outlined within their specific Agreement(s).
- Backup Policy
  - All production systems, servers, and workstations must have an offsite & encrypted backup that meets the minimum of a one business day RPO.
- General Use Policies & Guidance
  - General use, ownership, email, social media, software installation, third-party library use, and other acceptable use are contained within policy, guidance, or team member handbooks.
- Security & Encryption Policy
  - Password, clean desk, anti-virus, patch management, network, and remote access are contained within policy, guidance, or best practices.
  - All client data that is marked “confidential” or “sensitive” will only be used for the required purpose and immediately removed from Sycorr’s systems after use is no longer required.
  - All mobile workstations must have full disk encryption.
  - Any “sensitive” marked data must be encrypted in transit or at rest within Sycorr products or internal systems.
- Confidentiality, Non-Disclosure, & Privacy Policies
  - Confidentiality and privacy of Sycorr clients is held to a high standard due to the nature of working closely with financial institutions.
  - Outside of specific policies and guidance, all team members review and are trained in best practices on initial hire, with remedial training done on an annual basis.