Governance

Written policies, workforce training, acknowledgment requirements, and ongoing review of key controls.

Data Protection

Role-based access, secure handling standards, incident response procedures, and lifecycle data management practices.

Continuity

Disaster recovery and business continuity practices designed to keep time-sensitive work moving.

Controls Covered on This Page
Errors & Omissions Insurance Antivirus and Endpoint Protection Code of Conduct
Data Management Incident Response User Access and Password Policy
Document Retention and Destruction Disaster Recovery Plans Wireless Use Policies
Visitor Sign-In Policy Removable Media Policy Vendor Management and Audit Support
Information Security Policies
Policy and Control Details
  • Errors & Omissions Insurance: We maintain E&O coverage to support professional accountability. Certificates are available upon request.
  • Code of Conduct: Workforce expectations include confidentiality, professional standards, conflict awareness, and policy compliance.
  • Program oversight: Documented policies, training, acknowledgment requirements, and periodic review of key controls.
  • Antivirus and endpoint protection: Controls designed to detect, prevent, and respond to malicious activity.
  • Information security policies: Secure handling standards, awareness training, and monitoring and escalation procedures.
  • User access and password policy: Unique user accounts, strong credential standards, least privilege access, and access removal upon role change or separation.
  • Wireless use policies: Approved network standards, secure configuration expectations, and restrictions on insecure networks for sensitive access without safeguards.
  • Removable media policy: Restricted or controlled use of USB and removable storage, favoring secure and auditable transfer channels.
  • Data management: Controls across the data lifecycle, including role-based access and secure storage and transmission expectations.
  • Document retention and destruction: Retention aligned to business needs and applicable obligations, with secure disposal for paper and electronic records.
  • Audit-ready documentation: Consistent documentation practices that support defensibility and client oversight needs.
  • Incident response: Defined escalation paths, containment and remediation steps, documentation practices, and client communication aligned with legal and contractual expectations.
  • Disaster recovery and business continuity: Backup and recovery practices for critical systems and records, with procedures focused on continuity for time-sensitive matters.
  • Visitor sign-in policy: Visitor management expectations for non-public work areas, including escorted access where appropriate.
  • Controlled areas: Access limitation practices designed to reduce exposure of sensitive information.
  • Vendor management: Due diligence expectations before onboarding, appropriate contractual controls, and ongoing monitoring aligned to risk.
  • Process server audit capability: When third parties or field resources are used, we maintain oversight and documentation to support reasonable client audit requests, including confirmation of compliance with job requirements and supporting documentation of service attempts where applicable.
Due Diligence and Documentation

Upon request, we can provide supporting materials such as:

  • Certificate of insurance (E&O)
  • Policy summaries or excerpts (where appropriate)
  • Training and acknowledgment confirmations (summary level)
  • Disaster recovery and continuity overview (summary level)
  • Incident response overview (summary level)
  • Vendor management overview and subcontractor controls (summary level)
Some materials may be shared under NDA depending on sensitivity.
Security Contact
For compliance questions or requests:
Security & Compliance Team
Important Note
This page is a general overview of CNY Process Solutions LLC's program and does not constitute a contractual guarantee. Specific controls and commitments may vary by engagement and written agreement.