PE Stack Cyber Security Statement

Introduction

  • This statement provides an overview of PE Stack’s approach to cybersecurity.

Security Policy

  • Our policy addresses the handing of a client’s proprietary, sensitive, and confidential information. Policies are reviewed and communicated to all staff.

Organization information security approach and compliance

  • In addition to information security, our policy covers data protection and follows guidelines from the Computer Fraud and Abuse Act (CFAA). PE Stack has a cyber security officer in place to ensure compliance among all employees.

Third-Party Applications

  • PE Stack utilizes third-party platforms to conduct daily business functions and to store client information. PE Stack has conducted technical due diligence against these third-party applications to make sure they align with the security measures that are required to ensure protected data and documents.

Employee Security Practices

Prior to hiring employees, PE Stack conducts a background check of all employees, including proof of identification, references, and an employee’s right to work. Upon hiring, all employees are trained to follow proper security protocols when handling client data and are trained on an ongoing basis as new protocols are put into place. Violations of relevant policies could result in disciplinary action, up to and including termination.

Physical office and Datacenter facilities

  • PE Stack’s operations are based in Los Angeles, California at a Regus facility in Woodland Hills. Regus utilizes network firewalls to create virtual private networks to ensure that our data is not being shared with other companies utilizing the same facility. PE Stack also offers their employee’s the opportunity to work from home and has provided demonstration to ensure network privacy.

  • PE Stack utilizes cloud-based servers, specifically Microsoft 365, that are in the West US region of Microsoft’s cloud data centers. Attached below is the documentation from Microsoft pertaining to their data center security:

    https://docs.microsoft.com/en-us/compliance/assurance/assurance-datacenter-security

Documentation and Process

  • PE Stack keeps a record of all operational procedures that are in place. In addition to the current policies, PE Stack also keeps documentation of previous policies and amendments that have been made over time.

Infrastructure Protection

  • Upon distribution of laptops to employees, PE Stack installs anti-virus/malware protection, as well as a protected browser to all laptops.

  • Upon setting up employee email domains, PE Stack has provisioned regularly scheduled password changes and two factor authentication methods in Microsoft Outlook to ensure that data that is sent through email is protected and delivered solely to the intended PE Stack employee.

Data protection

Any client data that is shared with PE Stack is prohibited from being saved locally on any PE Stack device. All relevant data from a client is to be stored in a secure, cloud storage folder within Microsoft SharePoint Server. Client data entails, but is not limited to:

  • Financial Data

  • Workflow Data

  • Operational Data

  • Portfolio Company Data

  • Employee Information

  • Company Strategic Data

  • Business and Incident Management

PE Stack has cybersecurity incident response policies and plans in place. These plans cover detection, response, and reporting. PE Stack regularly updates their policies and plans to stay up to date against new incidents and to make sure we are following the latest, most efficient methods of data security.

* Upon request, PE Stack can provide further documentation regarding each section of the Cybersecurity Policy at info@pestack.com.