Friendly advice for IT and application service providers wishing to do business with the Securities Industry

While we are not setting standards, we have composed a short list of industry expectations. If you are handling data that we consider confidential, we expect you to be knowledgeable about these topics:

  • Understand that we operate in a highly regulated environment and our questions are not arbitrary. If we are asking you about your operations, it means we have a need to know something about them.
  • Be ready to describe how our data is stored and handled in your environment.
  • Maintain a positive "tone at the top" attitude toward security. Management in your organization should understand security is a requirement and allocate appropriate resources to maintain a secure environment.
  • Take responsibility for the security of your own product or service rather than suggesting or expecting that we supply additional safeguards in order to use it safely.
  • Maintain accountability with security policies and procedures.
  • Maintain all security processes in such a manner that they are transparent to all interested parties. Allow interested parties access to both periodic and on-demand audit reports.
  • Have well-defined procedures for reacting to security incidents, including notifying your customers when their data has been compromised.
  • Stand by your security marketing materials. Be prepared to have your executive management attest that they are accurate.