Eze Castle Integration

Written Information Cybersecurity Policy Consulting Services


Cybersecurity threats facing the hedge fund and financial industry are intensifying, as is the focus of the Securities and Exchange Commission (SEC) on ensuring hedge funds are prepared and have detailed information security policies in place. In fact, the SEC's Office of Compliance Inspections and Examinations (OCIE) is conducting examinations of registered entities regarding cybersecurity matters. As part of the exam, the SEC will be reviewing hedge funds' written information security plans and policies.

Eze Castle Integration's experienced hedge fund security consultants are working with firms to create Written Information Security Policies (WISP) that address the administrative and technical safeguards a hedge fund needs to withstand a cybersecurity incident and demonstrate preparedness.

Since 2009, when the Massachusetts data privacy law went into effect, our team has worked with clients to create information security policies and incident response plans.


What is a Written Information Security Policy? 

A Written Information Security Policy outlines the administrative and technical safeguards a hedge fund has in place to ensure confidential data is protected.

Administrative Safeguards:

  • What counts as confidential data
  • How confidential data is protected
  • Where confidential data is located (e.g., shared drive, externally hosted, hard copy format, etc.)
  • Who has access to confidential data and whether they have a business need
  • Roles and responsibilities for responding to a data breach or cybersecurity incident
  • Internal and external communication procedures for responding to an incident
  • Employee responsibilities and training

Technical Safeguards:

  • Assessment of technical safeguards (e.g., penetration testing, email encryption, software patches, vulnerability assessments, firewalls, etc.)
  • Evaluation of technical policies/Cybersecurity Tracking Sheet (e.g., strong password policy, access controls, USB policy, hard copy documentation policy, etc.)
  • If needed, implementation of additional technical safeguards

How You Know If You Need a WISP

Any person or company that has access to client or employee information needs to ensure they implement the appropriate level of administrative and technical safeguards.

Anyone or anything with access to your confidential information needs to have preventative measures in place for protecting confidential data.

A WISP will provide detailed policies and procedures for ensuring confidential data is protected, and will document how it is being protected and who is ensuring it is protected.

Watch Our Webinar & Hear More

Eze Castle’s Data Privacy expert recently provided guidance around how firms can prepare to meet changing regulations (including SEC guidance) and investor demands. Specific discussion points included:

  • What information is included in a WISP;
  • Why firms should audit and maintain their WISP plans; and
  • The importance of cybersecurity education and training.

Watch the quick, 20-min video or read the recap.
