Your security and privacy are our top priority. To safeguard your data, we employ enterprise-grade security controls, practices, and procedures across our infrastructure and application layers. Ongoing monitoring and updates to our security practices help maintain alignment with industry best practices and standards.
Our platform security measures align with esteemed industry frameworks such as the CIS Benchmarks 1.4 and NIST guidelines. Our infrastructure is subject to regular security audits and assessments to maintain the highest standards of protection.
Pontera takes proactive measures to identify and remediate system vulnerabilities. Regular assessments, scanning, and manual testing reduce potential attack surfaces. Routine penetration tests conducted by third parties ensure our defenses remain resilient within the evolving cybersecurity landscape.
Monitoring and incident response
Our information security team monitors all activity in Pontera infrastructure, networks, and systems. In addition, the company employs incident response measures to bolster our defenses and ensure maximum resilience.
When retirement savers connect their financial accounts to Pontera, their data is protected with best-in-class encryption while being transmitted and stored.
Pontera adheres to the principle of least privilege. An advanced access control framework employs numerous measures to limit access to authorized individuals. Our Zero Trust Network Architecture approach aims to enhance security measures and mitigate potential breaches by seeking to authenticate every request for access.
At Pontera, our team is committed to developing and enacting data privacy and information security practices that align with industry benchmarks and best practices. All employees undergo thorough background checks, sign non-disclosure agreements, and complete mandatory security and privacy training programs to create a secure environment.
Availability and continuity
Pontera deploys system uptime monitoring and 24/7 priority support. Our system is designed for resiliency and to withstand potential disruptions. Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP) are continuously tested and updated to mitigate risks and allow the quick restoration of services in the event of unforeseen circumstances.
Backup and recovery
Secure and routine backups ensure the availability of customer data and enable speedy recovery in the event of data loss or system failure.
Our goal is to ensure that retirement savers are able to receive the advice and support they need while their account remains secure. When retirement savers connect their accounts to Pontera, they retain a high degree of protection. Pontera's Client Protection Pledge defends financial data at all costs.
No credential sharing
Pontera is purpose-designed to enable financial advisors to proactively analyze and rebalance plan accounts to deliver better retirement outcomes without account access. The platform never shares retirement savers' credentials and prohibits account logins, disbursements, transfers, or beneficiary changes that would constitute constructive custody under Rule 206(4)-2 of the SEC Advisers Act.
Automatic supervision logging
Advisors and their compliance teams can leverage Pontera's supervision tracking capabilities to annotate all advisor account reviews and changes.
SOC 2 Type 2
SOC 2 Type 2 certification demonstrates our compliance with industry-leading standards for information security, including implementation of stringent security and privacy practices. Available upon request, Pontera's SOC 2 Type 2 certification is issued through Ernst & Young.
Pontera is certified as ISO 27001 compliant, signifying that we adhere to international standards for information security management. It demonstrates our rigorous implementation of information security controls to ensure the confidentiality, integrity, and availability of client data.
California Consumer Privacy Act
Pontera complies with privacy regulations, including the California Consumer Privacy Act, to ensure the lawful and ethical handling of personal data.