Inventory of Technology

On an annual basis, the CCO of Core Planning, LLC will make an inventory of the following:

• Software platforms and applications (email applications, file management, etc.);
• Systems that house client data; and
• Third-party contractors that have access to systems, platforms, etc.

Core Planning utilizes cloud-based technology systems, which it believes provide increased information security capabilities including:

• Ability to leverage the established infrastructure of trusted technology industry leaders; and
• Improved system alert capabilities including better user activity logging and alerts related to unusual user activity.

Core Planning also recognizes that cloud-based technology systems create a greater reliance on passwords and user login security. As such, we have designed and will continue to develop information security policies with this increased risk as a focus.

Detection of Unauthorized Activity

The CCO is responsible for monitoring on-site and cloud-based systems for suspicious activity.

Such activity may include:

• Logins to company systems after traditional business hours for the local region;
• Logins to company systems from non-local regions; and/or
• Large transfers of files or data.

When suspicious activity is discovered, the CCO will restrict access to the systems and begin to assess what information may have been accessed and what actions need to be taken to remediate the event.

If the unauthorized activity is deemed by the CCO to have led to unauthorized release or use of sensitive client information, the CCO will contact the proper law enforcement and/or regulatory agencies as required by state and Federal law.