In order to provide for the continued performance of its fiduciary function, Kingdom Trust maintains a comprehensive disaster and security plan and a thorough set of controls and safeguards to ensure the security of our systems, website, data and real estate. This plan includes policies for operating the business as well as critical systems that will need to be in place to conduct business, and the plan is reviewed and tested annually to ensure that all components are working properly and the systems will be functional in a timely manner if the need arises.
Trust Accounting System Security
Kingdom Trust uses the Accutrust Gold accounting system through an outsourcing relationship with Accutech Systems Corporation (ASC). Accutrust provides access to the system via an Internet linkup utilizing an ASP Citrix connection. If the Internet or the Citrix link should become disabled, the first level of backup access would be to go to any location where the system can be accessed through any Internet connection. Also, the Citrix connection has a built-in redundancy; should both connections fail simultaneously, access would be unavailable until Citrix could remedy the problem.
If access to the offices of Kingdom Trust is not available, access to its data is available from any location with Internet access.
ASC maintains a comprehensive disaster recovery plan as well as a thorough set of controls to ensure that client information is properly stored and secured. ASC maintains an off-site storage facility and all processing is backed up to that site on a daily basis. ASC also maintains co-location hosting facilities for data backup and recovery. In addition, each building housing systems, data and information is a secure facility. Access to the buildings is controlled by secure card access so that only authorized personnel have access for entry.
ASC network technicians monitor traffic into and out of its networks and employ hardware firewalls for restricted access to its network. In an effort to ensure that the systems are completely protected, ASC engages a third party to perform annual penetration testing.
ASC also has designed the software to ensure that only employees that need access to information have the ability to obtain that information. The system is set up so that employees’ access to the system is restricted based on user levels. These user levels are a way to ensure there are proper checks and balances in the daily operations. ASC provides a module-based system that we utilize as the company grows. There are appropriate levels of access allocated to the proper departments.
Data Transmission and Website Security
Kingdom Trust has an established policy to ensure that any data submitted or transmitted to third party vendors be encrypted and secure. This helps ensure that the information contained within the files is protected.
Kingdom Trust uses secure connections and file encryption for any and all data exchanged on the Kingdom Trust website. All data is maintained on servers in Murray, Kentucky, which are backed up off-site not less than weekly.
The Kingdom Trust Operations Center building is equipped with an alarm system, monitored by a third party and wired into the local police station, and a fire detection system. Only a limited number of executive-level employees have keys to gain access to the property. The operating staff does not have entry without an executive on the premises. In addition, Kingdom Trust provides fireproof storage of original documents and access at the South Dakota office by computer to certain custodial documents of clients and customers. The company reviews the building security on an annual basis to maintain its high standards of consumer account document protection.
In the event of a disaster, the President/CEO will be the disaster recovery coordinator. He or she, with the assistance of the other managers and employees, will be in charge of implementing any necessary measures to restore normal business operations.
Primary responsibility for the recovery of customer data will be by Kingdom Trust as set forth in its Disaster Recovery Plan.