Wall Street Prep is committed to providing financial career training in live seminars and on its best-in-class online training platform. In support of this commitment, Wall Street Prep has developed information security risk management policies to reasonably ensure the confidentiality, integrity, and availability of Your Data that You provide directly to Wall Street Prep or to Wall Street Prep subprocessors, or that your employer, academic institution or organization provides directly to Wall Street Prep or to Wall Street Prep subprocessors in accordance with their respective privacy policies made available to you. This Data Security Statement (the “Statement”) describes some of the security controls that Wall Street Prep has implemented pursuant to those policies. This Statement applies to the Wall Street Prep Service.
Audits and Certifications
Wall Street Prep infrastructure subcontractors and information subprocessors have each completed and/or maintain an information security audit by a respected industry oversight organization and/or holds one or more information security accreditation(s) and/or certification(s). Respected industry oversight organizations, accreditations and certifications include but are not limited to PCI, VeraSign, HIPPA, CSA, SSAE16 SOC2 Type II, ISAE 3402, ITIL, EU Model Clause and EU Privacy Shield.
Some of the infrastructure that Wall Street Prep uses to host Your Data is owned and controlled by Wall Street Prep and the remaining portions of the infrastructure are provided by carefully selected third party service providers.
In some cases Your Data that You submit to the Wall Street Prep Service is stored in a primary data center and is replicated in near-real-time to a secondary data center. The secondary data center is provisioned with sufficient computational, network, and storage resources to replace the functionality of the primary data center, and restore the Wall Street Prep Service if required.
The secondary data center is geographically remote from the primary data center.
Vendor Risk Management
In cases where Wall Street Prep engages third party colocation service providers and infrastructure service providers (the “Data Center Providers”), Wall Street Prep ensures that those Data Center Providers have recently completed an information security audit by a respected industry oversight organization and/or holds one or more information security accreditation(s) and/or certification(s). Respected industry oversight organizations, accreditations and certifications include but are not limited to PCI, HIPPA, CSA, SSAE16 SOC2 Type II, ISAE 3402, ITIL, EU Model Clause, EU Privacy Sheild. Additionally, those third parties are contractually obligated to maintain the confidentiality of Your Data to the fullest extent allowed by applicable law.
Physical Security Controls
- Access to the Data Center Providers’ data center facilities is restricted to authorized personnel only.
- The Data Center Providers’ data center facilities are secured by professional security guards.
- A physical access control system (ID card and/or biometric) has been implemented at entry and exit points of the Data Center Providers’ data center facilities.
- All visitors must be escorted by an employee of the Data Center Providers or, in some cases, a permanent badge-holder at all times when visiting the Data Center Providers’ data center facilities.
Availability and Disaster Resistance
- The Data Center Providers’ data center facilities are designed, built, and maintained to withstand reasonably foreseeable adverse weather and other natural conditions.
- Processing capacity is monitored on a daily basis.
- The Data Center Providers have installed and maintain at least the following environmental protections:
- Cooling systems
- Battery-powered backup electrical supply and/or backup electrical generators
- Redundant communications lines
- Smoke/fire detectors
- Automatic fire suppression systems
- The status of environmental protections is continuously monitored by the Data Center Providers.
- Environmental protections are tested and maintained regularly by the Data Center Providers.
Wall Street Prep’s Data Security Controls
Technical Security Controls
Wall Street Prep maintains at least the following technical security controls and policies:
- Wall Street Prep-authored software applications and IT systems are regularly scanned/monitored for vulnerabilities.
- Known exploitable vulnerabilities in Wall Street Prep-authored software applications and IT systems are patched expeditiously.
- External points of connectivity in the Wall Street Prep application architecture are protected by firewall(s).
- Network and database activity is logged and actively monitored 24/7 by a third-party data security provider in order to instantly detect any potential security events including intrusion.
- Wall Street Prep user passwords are stored in a one-way hash.
Administrative Security Controls
Wall Street Prep maintains at least the following administrative security controls and policies:
- Physical and logical access to IT systems that process Your Data is limited to those officially authorized persons with an identified need for such access.
- Wall Street Prep’s workforce participates in data protection awareness training.
- Wall Street Prep conducts pre-employment background checks to help ensure employee reliability.
Availability and Disaster Recovery
Wall Street Prep has implemented a disaster recovery plan, which is regularly tested. The IT systems architecture of the Wall Street Prep Service includes redundant backups of critical hardware and software components.
Data Protection Officer
Wall Street Prep has appointed a data protection officer. You may contact Wall Street Prep’s data protection officer by email at [email protected].