Pefin Advisors Business Continuity Plan Disclosure

This policy explains the Business Continuity Plan for Pefin, describing how we will respond to events that may significantly interfere with our ability to serve our Clients. Our primary objective is to have no interruption of service, and to keep our employees safe. In the unfortunate event of service interruption to Clients, our goal is to get up and running again as quickly as we can.

We plan for the following contingencies:

  1. Pefin office location becomes physically inaccessible

    The Pefin team is set up to work 100% remotely, for extended periods of time. As the Pefin application users Amazon Web Services (AWS), Pefin Clients would not experience any interruption in service if the Pefin office location becomes physically inaccessible.

    Pefin has a backup office location, in Larchmont, New York, which has adequate meeting space and access for all employees, should that be required.

  2. Internet Service is down

    The Pefin team is set up to work 100% remotely, for extended periods of time- which is adequate remedy in the event of a localized Internet outage. As the Pefin application uses Amazon Web Services (AWS), Pefin Clients should not experience any interruption in service, provided their Internet service is not also disrupted. Amazon Web Services has 99.95% reliability.

    If the internet outage is not localized to our offices, Pefin has a remote office, staffed in Ashburn, Virginia, from which operations can continue.

  3. Pefin’s third party Broker/Dealer, APEX, cannot accept trades, or is subject to disruption

    If there is a disruption of service with APEX, all trades are postponed to the next day, or until services is able to be restored. If a client has a liquidation request, we attempt to have APEX accept the trades on a best efforts basis. Irrespective of any office access outage, your assets are safely held with the Custodian. APEX is located in Dallas, Texas with backup of all important records at a geographically separate location, further enhancing the backup in the event of Business Continuity issues.

  4. Cyber-attack:

    A Cyber-attack could come in many forms, which could result in any of the above events, or potentially other, unforeseen consequences. We believe that the best defense is a good offense, so to ensure that our clients are not negatively impacted by a potential Cyber-attack, we have done the following:

    1. Required multi-factor authentication on all client accounts
    2. Deployed military-grade encryption (AES 256 standard) on our systems
    3. Maintain two entirely separate repositories for Personally Identifying Information of our Clients from their Financial Data, each encrypted with different encryption keys.
    4. Use Amazon Web Services, which has a 99.95% reliability and adheres to the latest security standards.
    5. Employed a “defense-in-depth” architecture to minimize potential cyber-attack exposure.

    In the unfortunate event that a Cyber-attack were to penetrate our defenses, in addition to the remedies already described, we anticipate being able to restore normal service expeditiously due to the multiple redundant backups of our systems as well as all of our Client records.

  5. Unanticipated Events:

    While Pefin has made every attempt to anticipate potential business disruptions and to plan mitigants in advance, we recognize that there may be unexpected events for which we could not have planned. In those events we will endeavor to deploy whatever means practical to insure the safety of our employees and to resume service to our Clients as quickly as possible.

    Data on Pefin’s main servers on Amazon Web Services is securely and frequently backed up to local storage for high-speed recovery, and then backed up to multiple redundant storage locations on a nightly basis. This data is retained for business continuity and record-keeping purposes.

Designated Coordinators:
Internal Pefin communications regarding a Business Continuity Plan emergency would be sent by a member of the Pefin Management team to the rest of the Pefin team. This would highlight the next steps and process to follow in the emergency, to insure employee safety and minimal disruption of service.

In the event of a building evacuation, all Pefin employees are asked to meet at the Designated Meeting Area to insure that everyone is accounted for.