certification+: the most comprehensive compliance solution
TRANSCRIPT
![Page 1: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/1.jpg)
1
The Most ComprehensiveCompliance Solution
![Page 2: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/2.jpg)
2
![Page 3: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/3.jpg)
3
Agenda• Partner Introductions• Market Drivers• Certification+ Partnership • Agent Benefits• What the partners do• FAQs
![Page 4: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/4.jpg)
4
Market Drivers• Self-assessments no longer acceptable• Lenders requiring 3-party certification
• 4.1.16 Equity Mortgage Bankers• 3.24.16 Delta Community CU
• Cyber Security is No. 1 Concern for the industry• Employees responsible for nearly 40% of all breaches• Key lender regulators (CFPB, OCC, FDIC) published
bulletins on third-party risk management
![Page 5: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/5.jpg)
5
The PartnershipWho we are:
– PYA, Real Estate Data Shield, Security Compliance Associates
– ALTA Elite Providers– FNTG preferred vendors– Best-in-Class Solutions Providers
![Page 6: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/6.jpg)
6
What is Certification+?• Comprehensive compliance package for title
agents, settlement agents, RE attorneys, escrow companies, notaries etc.
• Unique bundled services:• IT security assessments (including Cyber Security)• GLBA Compliance• Certification of all ALTA Best Practice 7 pillars• Employee Training
![Page 7: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/7.jpg)
7
What is Certification+?We are a team of experienced professionals dedicated to assisting our industry partners with meeting compliance challenges. Our executive team includes:
– A former national title underwriter executive with 35+ years of industry experience
– A state insurance department regulator
– A former title agent and current settlement firm principal with 25+ years of title and settlement experience
– A CISSP (Certified Information Systems Security Professional) and IT security specialist with more than 21 years supporting the US Air Force as Chief of Computer Investigations and Operations with computer criminal, counterintelligence and counter espionage experience
– A CIPP (Certified Information Privacy Professional)
![Page 8: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/8.jpg)
8
• Affordable to both small and large agents
• Single point-of-contact• Certification of all 7 pillars• Gramm-Leach-Bliley Act (GLBA)
Compliance– IT and Cyber Security assessments
• World-Class employee compliance training
Agent
![Page 9: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/9.jpg)
9
![Page 10: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/10.jpg)
10Compliance Management Platform™
CEO and founder of Real Estate Data Shield and The Gulotta Law Group, Chris has represented institutional lenders in mortgage finance transactions for over 25 years. He has developed compliance management platforms and Data Security Compliance tools for mortgage lenders, title underwriters, independent title and settlement agents, notaries and attorneys. Chris is a Certified Information Privacy Professional and sits on ALTA’s Best Practice Task Force.
Christopher J. Gulotta, Founder & CEO, Esq., CIPP
Paul Schwartz,Chief Privacy Advisor
Richard Purcell,Courseware Developer
An international expert on information privacy law, Professor Schwartz assists corporations and law firms with regulatory, policy, and governance issues. As professor of law at UC Berkeley and Director of the Berkeley Center for Law and Technology, he has published widely on privacy and data security topics.
A leading voice in consumer privacy and data protection challenges, Mr. Purcell is an award-winning developer of Web-based education and training courses. As Microsoft's original Privacy Officer, he designed and implemented one of the world's largest and most advanced privacy programs.
![Page 11: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/11.jpg)
11
REDS 2.0REDS 2.0 Includes:
– E-Commerce Website: Our new e-commerce website allows clients to purchase our products and register employees directly through our website with ease. This new web interface allows for east setup, onboarding and management of users
– Updated Staff Training Courseware: Our award-winning courseware has been updated and includes two (2) NEW learning modules
– Policies & Procedure Templates and Security Self-Assessment Tool: Information Security policies & procedure templates and a company self-assessment tool for companies to jump-start the compliance process.
![Page 12: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/12.jpg)
12
Additional REDS 2.0 Features:– Client “Administrator” functionality allows for easy tracking of employee progress through a 2.0 dashboard.
– The new modules include our Compliance Coach Avatar “CC”, who will guide employees through the courseware and learning process.
– The new “Preamble Module” educates employees and increases their awareness of the need to safeguard NPPI and how to help implement Cyber Security in the office. Designed to change corporate culture and staff behavior.
– The new “Summary Module” bolsters the educational content in REDS 1.0 with a deeper dive into information security and the Privacy Smart® best practices.
– REDS 1.0 and REDS 2.0 were exclusively developed for the Title and Settlement industry by, (i) Christopher Gulotta, Esq., a national recognized subject matter expert in title, settlement & Information Security Compliance with a CIPP designation; (ii) Richard Purcell, Microsoft’s First Privacy Officer; and (iii) Professor Paul Schwartz, of Berkeley Law School.
![Page 13: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/13.jpg)
13
Compliance Management Platform• Compliance is the New Marketing
– Enhance your marketability by becoming a Cyber Secure environment– Position your company to thrive in the new regulatory and contractual
landscape and “comply to survive” with the increasing regulatory standards– Train your staff in privacy and security requirements & safeguards to better
protect your non-public personal information and escrow funds with our award-winning Data Security Awareness Courseware
– Demonstrate internal controls that comply with federal and state consumer privacy and security laws, rules, and regulations using our Information Management Compliance Manual with guidelines, procedures and policy templates
– Assess your overall compliance with an assessment of vulnerabilities to reveal gaps and pinpoint critical areas for remediation
• Compliance Management Platform™– Prepare your company for lender compliance audits and contractual scrutiny– Privacy and security law and regulations require it and regulators enforce it– Lenders will contractually mandate it in the Post-TRID environment
![Page 14: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/14.jpg)
14
Compliance Management Platform Components
• Threats and Vulnerabilities
• Controls and Safeguards
• Information Management Governance
• Security Infrastructure – Physical and Technical
• Employee Awareness
Risk Self-Assessment
• Consumer Privacy• Employee Data
Protection• Acceptable Use of
Company Resources – Employees
• Information Security• Information
Management – Third Parties
• Security Breach Management
Policies & Procedures
• Information Management for Real Estate Settlement Services Companies (title, settlement, attorneys, notaries, escrow companies, etc.)
Staff Training 2.0
![Page 15: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/15.jpg)
15
Admin Home
![Page 16: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/16.jpg)
16
Online Training
![Page 17: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/17.jpg)
17
Preamble Module
![Page 18: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/18.jpg)
18
Summary Module
![Page 19: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/19.jpg)
19
Admin Dashboard
![Page 20: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/20.jpg)
20
Policies & Procedures
![Page 21: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/21.jpg)
21
Risk Self-Assessment
![Page 22: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/22.jpg)
22
Compliance Management Platform™• Information Drives the Digital Economy
– Advanced technologies have created efficiencies– Regulators are focusing on how transitions to digital information management require
oversight of critical financial services– Major players are turning scrutiny toward service providers to protect their interests
• Compliance As a Required Competency– Comprehensive information management programs with documented policies and
procedures– Regular risk assessment evaluation to detect and correct vulnerabilities– Company-wide awareness and training communications
• Real Estate Data Shield’s Compliance Management Platform™– Guidance and templates for a comprehensive program, fully documented– Self-assessments for adherence to regulatory and best practices standards– Award-winning web-based training supported by robust reporting
You can only manage what you can measure
![Page 23: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/23.jpg)
23
Christopher J. Gulotta, Esq., CIPPFounder & CEO
Real Estate Data Shield, Inc. (212-951-7302
For Marketing & Sales Inquiries:
Maria MeyersDirector of Marketing & Sales
( 212-951-7302*[email protected]
![Page 24: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/24.jpg)
24
![Page 25: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/25.jpg)
25
Who is Pershing Yoakley & Associates, P.C.?
![Page 26: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/26.jpg)
26
pyabestpractices.com
Complimentary tools for Fidelity agents• Gap Analysis: evaluation of policies and procedures• Readiness Tool: Short questionnaire by pillar to
gauge compliance
Tools for Agents
![Page 27: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/27.jpg)
27
Menu of Engagement TypesAs a public accounting
firm, PYA can work along with SCA and
REDS to provide higher levels of assurance such as SOC 2 or examinations, if
necessary.
![Page 28: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/28.jpg)
28
![Page 29: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/29.jpg)
29
Matthew FroningChief Information Officer
Security Compliance Associates, Inc.*[email protected]
(727) 571-1141
http://www.scasecurity.com
Security Compliance Associates, LLC © 2016
![Page 30: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/30.jpg)
30
SCA Background• Founded in 2000• Tampa’s 30th Fastest Growing Co - 2013• Over 3,000 Assessment Assignments Completed• Three Verticals – Coast to Coast
– Title & Settlement – Financial Institutions (Credit Unions, Banks, Investment Firms– Healthcare
• 35% Growth Since 2009• 20 Team Members and Growing• ALTA Elite Provider
![Page 31: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/31.jpg)
31
Engineer Certifications• CISSP – Certified Information Systems Security Professional• CISA – Certified Information Systems Auditor• ISSMP – Information Systems Security Management
Professional• ISSAP – Information Systems Security Architecture
Professional• CEH – Certified Ethical Hacker• CPT – Certified Penetration Tester
![Page 32: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/32.jpg)
32
Our Services • External & Internal Vulnerability Assessment
• External & Internal Vulnerability Scans• ALTA Best Practices Pillar 3 Certification – Protection of NPPI
• GLBA Gap Analysis• Cybersecurity Gap Analysis
![Page 33: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/33.jpg)
33
Our Services • IT Risk Assessments• InfoSec Controls Review• Social Engineering • Physical Security Review• Network Architecture Review• DoS Assessment
![Page 34: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/34.jpg)
34
SCA Reports
![Page 35: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/35.jpg)
35
SCA Reports
![Page 36: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/36.jpg)
36
FNTG Agent Benefits• Legal Compliance as a Financial
Institution• Uncover vulnerabilities• Become Cyber Secure• Mitigate risks• Access to IT Security expertise• We help agents sleep at night
![Page 37: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/37.jpg)
37
FAQ’s• What is the difference between a
certification, an examination, a SOC 1, or a SOC 2?
• What is the cost?• My agents’ lenders have not requested a
third-party certification yet so why do I need Certification+?
![Page 38: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/38.jpg)
38
FAQ’s• What if my lender requests a higher level
of certification after I have completed a Certification+ engagement?
• How do agents initiate the process?• How do all three companies coordinate
the engagement behind the scenes?
![Page 39: Certification+: The Most Comprehensive Compliance Solution](https://reader035.vdocuments.mx/reader035/viewer/2022070509/58a684b61a28ab94238b67a3/html5/thumbnails/39.jpg)
39
FAQ’s• Where can I send agents for additional
information?• What is involved in a GLBA assessment?• What are common IT security
remediation items, and how does SCA assist?