newcleus Privacy Policy

Who we are
Our website address is: https://newcleus.com

IT Security & Privacy Policy

SUMMARY
Control and occupational environments set the tone of the organization, influencing the control consciousness of its people. Newcleus recognizes that the effectiveness of controls and policies is greatly influenced by the people who create, administer, and monitor them. Integrity and ethical values, organizational structure, and management philosophy are important and influential elements that are held as the highest priority by Newcleus.

Newcleus appreciates and respects the importance of protecting the privacy of data that is exchanged when interacting with our websites or during the normal course of business with our clients, prospects, vendors and staff. This policy outlines the controls, practices, rules and guidelines we employ to safeguard the security and privacy of all data that Newcleus processes. It attempts to demonstrate our commitment to integrity, ethical values and competence, and to our clients.

Information Collected
Newcleus stores only information submitted by website users, clients and prospects for the purpose of creating access accounts, information requests and processing documents necessary to administer and manage purchased products, plans and services.

Some examples of personal information collected include:
• Name, address and email collected to create an access account for Newcleus websites or other software solutions.
• Similar information submitted voluntarily for marketing purposes.
• Company and applicant information required for product and service sales and administration.
Newcleus websites collect only information that is offered by site users or customers of their own accord.

Information Use
All information obtained through Newcleus websites is used only by our company, our affiliates and our service partners to communicate with users and clients. This data may also be required during the sale, administration and maintenance of our products and services.

We do not share any information that we collect with, or otherwise sell it to, any other parties. It is utilized only by our company, affiliates and service partners for Newcleus marketing, sales or administration purposes.

Information Security & Privacy Safeguards
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Newcleus has put in place appropriate physical, logical, and managerial procedures to safeguard and secure the information we collect as detailed below.

Technical
Newcleus uses the following layers of technical controls to protect its information:

• Antivirus: To protect against malicious code that could compromise information or damage company systems.
• Email filtering: Actively filters incoming email messages for phishing and spam attacks.
• Encryption: We encrypt client information accessed through online account access services to prevent unauthorized users from viewing that information. Company policies require client information stored on mobile devices used for business, including laptops, tablets, and smartphones, to be encrypted as well.
• Firewalls: Newcleus’ internal network resides behind a corporate firewall designed to prevent unauthorized external parties from accessing that data.
• System activity monitoring: A variety of resources are used to monitor systems and identify suspicious activity. Intrusion detection systems and data leakage protection systems reduce the risk of incoming attacks and information loss.

Administrative
Our technical controls are supplemented with the following processes, procedures, and policies to further protect information:

• Business need to know: Access to company systems is implemented based on the principle of least privilege. Access is provided to each system user based solely on their job needs with no additional access provided.
• Change control: A formal policy is in place to help ensure all changes to company systems maintain the confidentiality, integrity, and availability of those systems.
• Corporate governance: Our company’s governance system is abundant, with multiple committees supporting information protection initiatives.
• Cyber Security threat simulations: Newcleus conducts cyber security threat assessments via regular penetration testing. This identifies areas of program strength and opportunities for improvement.
• Incident response: Our well-defined computer security and privacy incident response program is designed to contain and resolve any incidents efficiently and effectively. The program is periodically reviewed and exercised to train and ensure preparation for events.
• Privacy: All employees receive privacy training, with adherence and monitoring of this and all other Newcleus policies conducted by department supervisors.
• Internal and external IT auditors: Internal and external auditors regularly review and assess Newcleus’ information technology systems and operations to ensure we comply with our documented policies and procedures as well as applicable regulations and industry best practices.
• Policies and standards: Newcleus maintains written policies and standards for information protection. These policies and standards provide the foundation and guidance for our information security, privacy, and risk management program.
• Records management and sanitization: Our formalized data management program manages the lifecycle of all information that we handle, including adherence to regulatory requirements and secure disposal of confidential information.
• Risk assessments: Risk assessments are performed biannually as well as during the development and acquisition of information systems to help ensure those systems include appropriate protection of client information.
• Security awareness: Newcleus provides employees and financial representatives with security awareness and training, such as ongoing security awareness articles and events, training in company policies and standards, and simulated phishing exercises.
• Separation of duties: Specific job duties are separated to prevent a conflict of interest when appropriate.
• Threat monitoring: Our internal teams and third-party industry security organizations work together to monitor our environment for existing and potential threats.
• User access reviews: Newcleus reviews user access to company systems quarterly to help ensure users maintain an appropriate level of access to those systems.

Physical
Newcleus also protects its clients’ information from physical harm and theft through the following methods:

• Building and data center physical security: Physical access to our buildings and data centers is restricted with defense in depth to ensure the confidentiality, integrity, and availability of company systems and physical assets.
• Business continuity and disaster recovery planning: Formal business continuity and disaster recovery plans are maintained and tested regularly. These plans are designed to maximize the availability of company systems and information and recover from natural or human-made disasters as efficiently and effectively as possible.
• Redundancy: As part of our business continuity and disaster recovery plans, we maintain redundant data centers to help ensure the availability of company systems and client information.