MOVEit Transfer Critical Vulnerability – CVE-2023-35708
Progress has discovered a vulnerability in their MOVEit Transfer product that could lead to escalated privileges and potential unauthorized access to the environment.
After reviewing our infrastructure, our Information and Application Security teams have determined that SRS Acquiom is not at risk from this vulnerability as we do not utilize MOVEit Transfer.
Security is a Top Priority
We understand the sensitive nature of M&A operations and critical need to protect shareholder private information. We employ a multi-faceted approach that includes hiring the right people, leveraging best-of-breed cloud infrastructure, and adherence to industry standards to manage our network, secure our web and client applications, and set policies across our organization.
Security Audit & Controls
Maintaining client trust is paramount to us. And, we’re proud that we have met the strict standards for SOC2. Our annual SOC2/SOC3 is performed by an independent audit firm and have multiple years of our protocols meeting AICPA requirements. We will continue to enhance the security of our services for the future growth and integrity of the company.
Download our reports.
Systems & Technology
- Cloud-based accounting and hosting systems for redundancy and resiliency.
- Round-the-clock monitoring, incidence response, disaster recovery, and business continuity.
- Proprietary, patent-pending “mutual authentication” and secure public key cryptography (PKC)-based e-signature technology, both tailored to work with the unique requirements of M&A transactions.
- Annual cybersecurity assessment including penetration testing by a leading security review firm.
- State-of-the-art firewall.
Complete Security for Identity and Sensitive Information
- Mutual authentication and strong passwords required before shareholders can enroll for our online services.
- e-Signatures, enabled for tax document and LOT submittals, secured through public key cryptography, tied to a unique password, and protected from fraudulent insertion attacks using external time-stamping services.
- Secure email communication of private shareholder information.
SRS Acquiom is the global leader in managing post-closing activity in private M&A with more than 7,400 M&A transactions, valued at over $775 billion. We have hired industry-recognized experts in information security and industry standards. They ensure process security across our entire organization.
- Segregation of responsibilities through operational roles and distinct levels of authorization which are controlled and monitored.
- Personnel access to systems only through virtual private network.
- All SRS Acquiom staff are screened and checked for criminal and financial history.
- Online systems provide audit trails and monitoring to augment those provided by providers.
- Information Security, Privacy, and related policies and procedures to meet financial industry compliance standards, including SOC 2, FINRA/SEC, and state cybersecurity laws.
Deposit, Payment Administration and Escrow Services
- Funds paid through regulated broker-dealer account for the exclusive benefit of customers, with unclaimed funds held in the name of FDIC-insured banks as custodian. No SRS Acquiom credit risk.
- Escrows held in corporate trust division of banks subject to specific terms of the escrow agreement, ensuring strict independence from the deal parties and SRS Acquiom.
- Disbursements only possible pursuant to written direction of deal parties, shareholder payees, court order, and/or the terms of the escrow agreement.
- Electronic payments require three separate approvals. No single person can provide more than one approval. Bank systems provide final review and release.
- Payee Positive Pay – All checks reviewed by bank prior to payment with respect to amount, check number, date, and payee name.
- Electronic LOTs entered by payee with online validations. All paper LOTs dual captured to eliminate errors.
Securities products and payments services offered through Acquiom Financial LLC, an affiliate broker-dealer of SRS Acquiom Inc. and member FINRA/SIPC. For Institutional Use Only.