
SEC Regulation S-P Amendments

Is Holistiplan compliant with the SEC Regulation S-P Amendments?

Short answer: Yes!

The SEC has adopted amendments to Regulation S-P that strengthen requirements for how financial firms protect customer information and respond to data incidents, including maintaining a written incident response program and providing timely notifications to individuals affected by an incident involving sensitive customer information.

While Holistiplan is not directly regulated by the SEC, we understand that many of our RIA and broker-dealer customers are subject to these new requirements. We maintain a comprehensive information security program aligned with SOC 2 standards, including incident response and breach notification procedures designed to support our customers' compliance obligations. In the event of a security incident involving customer data, we are committed to prompt notification consistent with these principles. 

Specifically, our Incident Response Plan details how we handle security breaches and states that we commit to notifying our users within 48 hours of a breach. You can access all of our security documents, including our Incident Response Plan, by navigating to our Trust Report.

To help you understand what this means for your use of Holistiplan, our Co-Founder and CEO, Roger Pine, CFA®, CFP®, recorded a short video explaining how we approach information security and why we hold ourselves to a higher standard.


Many members of our team have been advisors, so we understand how much trust your clients place in you and how critical it is to safeguard their personal information. That’s why we treat information security as a core responsibility.

Our commitment to you

Here are a few key ways we go above and beyond:

  • 48-hour incident notification standard: If an incident ever impacts your account or data, our internal policy is to notify users within 48 hours.

  • Dedicated information security staff: We have full-time team members focused on maintaining and strengthening our security infrastructure.

  • Strict internal controls: Our security policies and procedures are designed to be more stringent than baseline regulatory requirements.