Our promise
Your security and privacy are our top priority. To safeguard your data, we employ enterprise-grade security controls, practices, and procedures across our infrastructure and application layers. Ongoing monitoring and updates to our security practices help maintain alignment with industry best practices and standards.
Secure infrastructure
Our platform security measures align with esteemed industry frameworks such as the CIS Benchmarks 1.4 and NIST guidelines. Our infrastructure is subject to regular security audits and assessments to maintain the highest standards of protection.
Vulnerability management
Pontera takes proactive measures to identify and remediate system vulnerabilities. Regular assessments, scanning, and manual testing reduce potential attack surfaces. Routine penetration tests conducted by third parties ensure our defenses remain resilient within the evolving cybersecurity landscape.
Monitoring and incident response
Our information security team monitors all activity in Pontera infrastructure, networks, and systems. In addition, the company employs incident response measures to bolster our defenses and ensure maximum resilience.
Data protection
When retirement savers connect their financial accounts to Pontera, their data is protected with best-in-class encryption while being transmitted and stored.
Availability and continuity
Pontera deploys system uptime monitoring and 24/7 priority support. Our system is designed for resiliency and to withstand potential disruptions. Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP) are continuously tested and updated to mitigate risks and allow the quick restoration of services in the event of unforeseen circumstances.
Backup and recovery
Secure and routine backups ensure the availability of customer data and enable speedy recovery in the event of data loss or system failure.
Guaranteed protection
Our goal is to ensure that retirement savers are able to receive the advice and support they need while their account remains secure. When retirement savers connect their accounts to Pontera, they retain a high degree of protection. Pontera's Client Protection Pledge defends financial data at all costs.
No credential sharing
Pontera is purpose-designed to enable financial advisors to proactively analyze and rebalance plan accounts to deliver better retirement outcomes without account access. The platform never shares retirement savers' credentials and prohibits account logins, disbursements, transfers, or beneficiary changes that would constitute constructive custody under Rule 206(4)-2 of the SEC Advisers Act.
Automatic supervision logging
Advisors and their compliance teams can leverage Pontera's supervision tracking capabilities to annotate all advisor account reviews and changes. Learn more about Pontera's compliance practices here.
SOC 2 Type 2
SOC 2 Type 2 certification demonstrates our compliance with industry-leading standards for information security, including implementation of stringent security and privacy practices. Available upon request, Pontera's SOC 2 Type 2 certification is issued through Ernst & Young.
ISO/IEC 27001
Pontera is certified as ISO 27001 compliant, signifying that we adhere to international standards for information security management. It demonstrates our rigorous implementation of information security controls to ensure the confidentiality, integrity, and availability of client data.
California Consumer Privacy Act
Pontera complies with privacy regulations, including the California Consumer Privacy Act to ensure the lawful and ethical handling of personal data.
