In September 2015, the Securities and Exchange Commission announced a fine of $75,000 against a private investment firm for their failure to “establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients.” 

This white paper reviews the SEC Cybersecurity Risk Alert titled, “OCIE’s 2015 Cybersecurity Examination Initiative“ and how it applies to organizations that store sensitive data in the cloud.

It is vital reading for any investment advisor who might use a SaaS provider like Office365, Google, Box, or Dropbox.