Cybersecurity services

IQ-EQ U.S. provides comprehensive, end-to-end cybersecurity services designed to ensure compliance with regulatory requirements, privacy laws and industry best practices. Our multi-faceted offering utilizes a combination of centralized automation and advisory expertise to build effective cybersecurity programs with highly efficient and reliable execution.

Identification and buildout

• Risk assessment – We evaluate the security of your cyber environment, identify weaknesses and gaps against regulatory obligations, and recommend improvements
• Written information security policy – We develop and maintain cybersecurity policies and procedures tailored to your firm’s business operations, taking into account risk profile, regulatory requirements and industry standards
• Incident response planning – We develop and maintain incident response plans, including breach event reporting and remedial advisory services
• Vendor risk due diligence and monitoring – We provide basic due diligence and ongoing cyber risk monitoring of third-party vendors with data access (unlimited coverage)
• Cybersecurity awareness training – We deliver interactive training, security alerts and continuing education designed for investment professionals
• Cyber insurance assessment – We identify and assess risk of loss, with customized policies available upon request

Monitoring and detection

• Device endpoint monitoring – We perform real-time scanning and compliance monitoring for all endpoints and connected networks, issuing ongoing alerts for policy and network failures. We use a centralized cybersecurity platform for consolidated compliance reporting and program management
• Network vulnerability scanning and penetration testing – We conduct vulnerability scanning and external penetration testing to simulate real-world attacks, uncover exploitable vulnerabilities, and validate security controls
• Phishing simulation – We distribute phishing attempts randomly to promote proper user behavior
• Dark web monitoring – We perform ongoing scanning of the dark web for breaches and company domain activity

Response, recovery and review

• Incident response testing – We generate and test policy documents to enhance organizational resilience
• Annual program review – We conduct an annual review of your cybersecurity program and prepare enhancements as necessary

• Support for operational due diligence requests and investor questionnaires
• Customized, in-depth vendor due diligence and monitoring
• Specialized technology due diligence, including bespoke assessments of artificial intelligence engines and other emerging tools
• Drafting of customized, detailed reports and memoranda
• Internal penetration testing to identify network vulnerabilities from within
• Cloud cybersecurity assessments and consulting services
• Microsoft 365 security reviews and related evaluations
• Cybersecurity focused mock regulatory examinations
• Bespoke cybersecurity training sessions
• Advisory services related to privacy law compliance, including Regulation S-P
• Business continuity plan tabletop exercise