Happy New Year everyone!
2013 is off and running, and the time has come to look ahead and set goals for your investment firm to ensure a successful and prosperous year. Many of the resolutions we recommended last year still hold true, including testing your disaster recovery system, reviewing and evaluating all telcom contracts, ensuring your business continuity plan is SEC-compliant and performing a comprehensive IT systems audit.
This year, it’s time to take those resolutions to the next level. We asked some of our internal experts here at Eze Castle to share some important resolutions hedge funds could consider making for 2013. Here’s what they had to say:
Jason Nolan, Product Manager: Perform comprehensive evaluations before selecting a cloud service provider.
Last year at this time, we were encouraging our clients to learn more about the cloud and consider moving to a cloud-based IT infrastructure to take advantage of cost benefits and increased operational efficiencies. Today, the hedge fund industry has a much deeper understanding of this technology and is ready to take the cloud discussion to a deeper level. Our big push for 2013 is to encourage investment firms to thoroughly vet potential cloud providers on a number of key areas including backup and retention procedures, security and monitoring practices in place at data centers, Service Level Agreements (SLAs), SSAE 16 certifications and more. Also, be sure to gain an understanding of the service provider’s internal policies as they relate to data access and security procedures.
Lisa Smith, Business Continuity & Data Privacy Manager: Review and enhance your BCP and communicate it well.
If there is one thing we learned from Hurricane Sandy, it’s that, for alternative investment firms, having a comprehensive and robust business continuity plan in place is crucial to achieving success. Of course, this is not new information, and most firms already have plans in place to protect their businesses from these types of events. However, simply having a plan in place is not enough. We encourage our clients to review and discuss their BCPs on an ongoing, regular basis to ensure they continue to evolve as business needs, key personnel and other factors change over time. In addition, it’s important to effectively communicate these plans to all employees within the organization, as well as any pertinent third parties (clients, vendors, investors, etc.), so that everyone understands what to do in the event of a disaster or outage. Keep in mind communicating the details of your company’s BCP can be done through training sessions, information sessions and testing. These are the most effective ways to ensure your employees know what to do during a disaster.
Bob Guilbert, Managing Director: Don’t overlook the importance of security.
In 2013, security will be one of the most discussed topics in the world of hedge fund technology. While we’ve been preaching strong security practices for quite some time, this year will bring a host of new challenges in this arena, especially in the areas of mobility, cyber-attacks and internal breaches. Firms should develop a strategy to combat these security threats, including implementing best practices such as enforcing strong passwords and multi-factor authentication, keeping patches up-to-date for Microsoft, Adobe and the like, restricting executable downloads and creating a mobile computing policy that addresses both company-issued devices and BYOD management.
Marc Gold, Director of New York Client Service: Be prepared for an operational due diligence questionnaire.
It’s no surprise that the hedge fund industry has become increasingly competitive. Investors’ expectations are on the rise, and they’re looking for funds that display the highest levels in operational excellence. At the same time, new regulations are aimed at increasing transparency. As a result, operational due diligence has become a hot topic amongst alternative investment firms. Now, more than ever, it’s critical to ensure your firm meets these high standards by preparing for – or completing in advance – a due diligence questionnaire (DDQ). Operational DDQs cover a wide range of topics, including the fund’s IT infrastructure and the accompanying security procedures. At Eze Castle, our client service team regularly assists funds in completing DDQs. Be sure to download our sample DDQ for hedge funds to help you get started.
Photo credit: gotgame.com
- A Step-By-Step Guide to Dealing with a Security Breach
- The New CIO: From IT Manager to IT Innovator
- New Infographic: Criteria for Evaluating Colocation Providers
- What Not to Do When It Comes to Your IT
- Data Protection Changes Coming to EU Firms
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics