Hedge fund operational due diligence since 2009.


Cyber breaches continue to be a reputational and operational risk for all businesses. Private fund managers, small and large, are equally at risk. Here are some key questions:

  1. Who is responsible for cyber risk management?
  2. Where are files backed up and where are emails backed up?
  3. Does the firm manage its own file server or use a cloud product for file backup?
  4. If the manager uses a file server, do they have sufficient resources to protect that server (staff, firewalls, threat monitoring)?
  5. If the manager uses a cloud service, does that cloud vendor have sufficient cyber risk management practices in place?
  6. Is email backed up to multiple servers and, if so, are these servers adequately protected against breaches?
  7. Has the manager done formal cyber due diligence on its vendors (administrator, bank, consultants, software providers)?
  8. Has the manager had a formal cyber risk diagnostic performed on its overall network by an independent firm?
  9. Has the manager’s staff undergone formal cyber risk management training?
  10. Has the manager undergone phishing testing and penetration testing, and how often are these tests performed?
  11. Is the manager’s hardware encrypted?
  12. If the manager requires staff to use their own personal PCs for disaster recovery (DR), are those PCs vetted and protected by the firm’s IT team?
  13. Who manages the firm’s software and hardware accounts and software vendor approvals, and what is their account management policy?
  14. What is the manager’s password management policy (complexity, length, frequency, enforcement, automation)?
  15. How do staff obtain remote access (VPN, two-factor authentication)?
  16. Does the firm use anti-virus and anti-malware software and, if so, from which vendor?
  17. Has there ever been a data breach or actual threat of a hack?
  18. Does the firm have a written information security policy?

Copyright © 2018. PRISM LLC  |  All Rights Reserved   |  PRISM LLC is not a registered investment adviser or broker dealer.