Security & Compliance

Protecting client information and maintaining reliable, defensible workflows are core parts of how we operate. Our program is designed to support reasonable vendor due diligence expectations for legal, financial, and other professional clients.

  • Security Controls
  • Documented Policies
  • Oversight & Accountability

Documentation available
Supporting materials can be shared upon request.

Policy summaries, insurance documentation, and other due diligence materials may be available upon request, including under NDA where appropriate.

Our security and compliance framework is built around documented policies, workforce expectations, data protection practices, and continuity procedures designed to support professional, time-sensitive work.

Governance

Documented policies, workforce training, acknowledgment requirements, and ongoing review of key controls.

Data Protection

Access controls, secure handling standards, incident response procedures, and lifecycle data management practices.

Continuity

Business continuity and disaster recovery practices designed to help keep time-sensitive matters moving.

At a glance

Program areas covered

  • Insurance and professional accountability
  • Code of conduct and workforce standards
  • User access and password controls
  • Data management and secure handling
  • Document retention and destruction
  • Incident response procedures
  • Disaster recovery and continuity planning
  • Physical security and visitor practices
  • Vendor management and audit support

Details

Policy and control details

  • Insurance: We maintain insurance coverage designed to support professional accountability. Certificates may be available upon request.
  • Code of conduct and confidentiality: Workforce and vendor expectations include confidentiality, professionalism, ethical conduct, and policy compliance.
  • Program oversight: Key policies, training expectations, and acknowledgment requirements are documented and reviewed as part of our operating framework.
  • Endpoint protection: Protective controls are used to help detect, prevent, and respond to malicious activity.
  • Access management: Unique user accounts, credential standards, least-privilege principles, and access removal upon role change or separation.
  • Secure use policies: Standards address acceptable use, wireless access expectations, and controlled use of removable media and transfer methods.
  • Data management: Controls address the handling, storage, transmission, and access of information across its lifecycle.
  • Retention and destruction: Records are retained according to business needs and applicable obligations, with secure disposal practices for paper and electronic materials.
  • Documentation practices: Consistent recordkeeping helps support defensibility, internal oversight, and client due diligence needs.
  • Incident response: Escalation, containment, remediation, documentation, and client communication are addressed through defined procedures.
  • Business continuity: Recovery and continuity practices are structured to support ongoing operations for time-sensitive matters.
  • Physical access: Visitor management and controlled-area practices are used to reduce unnecessary exposure to sensitive information.
  • Vendor oversight: Third-party or field resources are subject to onboarding expectations, appropriate controls, and oversight aligned to the work being performed.
  • Audit support: When appropriate, we maintain documentation and supporting materials sufficient to address reasonable client diligence or audit requests.

Due diligence

Supporting materials

Upon request, we may be able to provide supporting documentation such as:

  • Certificate of insurance
  • Policy summaries or selected excerpts, where appropriate
  • Training and acknowledgment confirmations at a summary level
  • Business continuity and disaster recovery overview at a summary level
  • Incident response overview at a summary level
  • Vendor management overview and subcontractor controls at a summary level

Certain materials may be provided only under NDA or subject to sensitivity-based limitations.

Contact

Security Contact

For compliance questions or due diligence requests:
Security & Compliance Team

This page is a general overview of CNY Process Solutions LLC’s security and compliance framework. Specific controls, documentation, and commitments may vary by engagement and governing written agreement.