Chapter 4 - Section 5 - NASAA Investment Adviser Information Security and Privacy Rule

Question 1

The policies and procedures must be tailored to the Investment Adviser’s business model, taking into account the ______ of the firm, types of _________ provided, and the number of ____________ of the investment adviser.

Answer 1

Size, Services, Locations

Question 2

The physical security and cybersecurity policies and procedures must cover at last five functions. What are those functions?

Answer 2

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

Question 3

The Investment Adviser must review, no less frequently than ____________, and modify, as needed, these policies and procedures to ensure the adequacy of the security measures and the effectiveness of their implementation.

Answer 3

Annually

Question 4

The IA must deliver, upon the IA’s engagement by a client and on an _____________ basis thereafter, a privacy policy to each client. The IA must ___________ update and deliver to each client an amended privacy policy if any information in the policy becomes inaccurate.

Answer 4

Annual; promptly

Question 5

What are other considerations for an IA in regard to protecting customer information and privacy?

Answer 5

• train staff to recognize suspicious emails
• install anti-virus software
• use cloud-based servers
• two forms of ID to access systems
• 3rd party systems to sign confidentiality agreements