Provides a range of services including cybersecurity monitoring, risk assessment, vulnerability management, regulatory compliance, and incident response tailored for financial institutions including pension funds.
Comprehensive security systems that protect sensitive pension and member data, including intrusion detection, encryption, identity management, and security information and event management (SIEM) platforms.
End-to-End Encryption All sensitive data is encrypted during storage and transmission. |
FIS Managed Risk & Cybersecurity advertises encryption for data at rest and in transit as a core offering. | |
Encryption Key Management The system securely manages, rotates, and stores encryption keys. |
FIS offers secure key management services, as referenced in compliance documentation and service overviews. | |
Field-Level Data Masking Sensitive fields are masked within user interfaces and data exports. |
No information available | |
Data Anonymization Tools Tools to anonymize data for use in analytics and testing. |
No information available | |
Encryption Algorithm Strength The strength of cryptographic algorithms used (e.g., AES-256). |
No information available | |
Compliance Certificates Certifications (e.g., GDPR, ISO 27001) confirming privacy and data protection standards. |
FIS services are regularly audited; public materials indicate compliance (GDPR, ISO 27001/SOC2) for their cybersecurity services. | |
Multi-region Data Residency Ability to store encrypted data within specific geographic jurisdictions to meet regulatory requirements. |
FIS documentation indicates support for region-based data storage for compliance, including support for EU and US residency. | |
Automated Encryption Updates Automated update and patching of cryptography libraries. |
No information available | |
Secure Backup Encryption Backups are encrypted using the same or better standards as production data. |
FIS states that backups employ encrypted storage and meet high security standards. | |
Audit Logging for Data Access Complete audit trail of any encrypted data accessed or decrypted. |
Audit logs for access and decryption are included in security best practices materials and client resources. |
Multi-factor Authentication (MFA) Additional authentication steps beyond password entry. |
MFA is offered by default across FIS client services per documentation. | |
Role-Based Access Control (RBAC) Access rights and capabilities assigned based on user roles. |
RBAC is an industry norm and specifically included in FIS cybersecurity offerings. | |
Single Sign-On (SSO) Users can authenticate once to access multiple systems seamlessly. |
FIS offers SSO integration support for enterprise clients according to service materials. | |
Access Policy Automation Automated enforcement of access policies based on user roles and context. |
No information available | |
Privileged Access Management Special controls for managing highly privileged accounts. |
Privileged Access Management is specifically called out as a managed feature by FIS. | |
Self-service Password Reset Users can securely reset their own passwords. |
No information available | |
Identity Federation Allows integration with external identity providers (e.g., SAML, OAuth). |
No information available | |
Session Timeout Automatic user logoff after a period of inactivity. |
No information available | |
Detailed Access Logs Maintains detailed logs of user authentication and access events. |
Detailed access logs for user actions are referenced in FIS security materials. | |
Adaptive Authentication Authentication strength varies depending on risk/context. |
No information available |
Firewall Integration Uses advanced firewalls to inspect and control incoming/outgoing traffic. |
Firewall integration and management is called out under FIS Managed Services. | |
Intrusion Detection Systems (IDS) Automated systems to detect malicious activity on the network. |
Services include Intrusion Detection as a central component (IDS). | |
Intrusion Prevention Systems (IPS) Automated blocking and mitigation of detected attacks. |
Intrusion Prevention Systems offered per product datasheets. | |
Network Segmentation Separates critical systems to limit the impact of breaches. |
Network segmentation features described under 'defense-in-depth' approach. | |
DDoS Protection Systems to defend against Distributed Denial of Service attacks. |
DDoS mitigation and protection are detailed as part of managed cybersecurity. | |
VPN Support Encrypted tunnels for secure remote access. |
No information available | |
Patch Management Automation Automatic deployment of security updates to infrastructure. |
FIS advertises automated patch management capabilities for infrastructure. | |
Zero Trust Architecture Assumes no implicit trust within the network; authenticates all requests. |
Zero Trust approaches are referenced in FIS architecture white papers. | |
Vulnerability Scanning Frequency How often vulnerability scans are performed. |
No information available | |
Secure Configuration Baselines Infrastructure configured to recognized security standards. |
Secure configuration baselines are implemented and managed by FIS. |
Secure Coding Standards Application code adheres to established secure development practices. |
FIS has secure coding practices in place, as highlighted in SOC2 documents. | |
Automated Code Scanning Automated tools scan codebases for vulnerabilities. |
Automated code scanning is a standard part of FIS SDLC and compliance process. | |
Web Application Firewalls (WAF) Prevents attacks targeting web applications. |
WAF (Web Application Firewall) protections included in FIS Managed Cybersecurity. | |
Regular Penetration Testing Third-party or in-house simulated attacks to find vulnerabilities. |
No information available | |
Runtime Application Self-Protection (RASP) Applications detect and block attacks in real time. |
No information available | |
API Security Management Controls to secure application programming interfaces. |
API security controls are referenced as a key feature of the service set. | |
Static Application Security Testing (SAST) Analyze source code for known vulnerabilities. |
Static code analysis and SAST are part of secure software practices at FIS. | |
Dynamic Application Security Testing (DAST) Test running applications for vulnerabilities in real time. |
DAST is a component of application testing as stated in FIS security lifecycle materials. | |
Open Web Application Security Project (OWASP) Compliance Application complies with OWASP Top 10 recommendations. |
OWASP compliance verification is listed in developer and compliance documentation. | |
Dependency Vulnerability Management Monitors and updates third-party libraries for vulnerabilities. |
FIS updates and monitors third party libraries for vulnerabilities. |
Centralized Log Aggregation Consolidates logs from all systems for analysis and storage. |
Centralized log aggregation is supported for analysis and compliance. | |
Real-Time Threat Detection System raises alerts on detection of abnormal behavior or attack patterns. |
FIS platforms support real-time threat detection and reporting. | |
Automated Response Orchestration The system can automate predefined responses to certain events. |
Automated response orchestration occurs within the managed response capabilities. | |
Correlation Rules Engine Allows custom rules for correlating events across systems. |
No information available | |
Historical Log Retention The system retains security logs for compliance and investigations. |
No information available | |
Customizable Dashboards Allows tailoring of dashboards for different audiences. |
Dashboards can be customized for various reporting needs, as per marketing collateral. | |
Forensic Investigation Tools Assists in digital forensic analyses post-incident. |
No information available | |
User and Entity Behavior Analytics (UEBA) Uses machine learning to detect behavioral anomalies. |
UEBA (User and Entity Behavior Analytics) is described as part of threat detection. | |
Incident Ticketing Integration Links SIEM alerts with incident management platforms. |
SIEM integration includes ticketing and alerting tools integration. | |
Alert Notification Latency Time from detection to notification of security personnel. |
No information available |
Automated Compliance Reporting Generates and distributes reports for relevant regulations (e.g., SOC 2, GDPR, SOX). |
Compliance reporting is automated for major regulatory frameworks (SOC 2, SOX, GDPR). | |
Continuous Risk Monitoring Ongoing evaluation of risks to pension assets and data. |
FIS advertises ongoing, continuous risk monitoring as a selling point. | |
Policy Management Tools Enables creation, enforcement, and distribution of security policies. |
Centralized policy and risk management tools are included in the offering. | |
Risk Scoring Engine Automatically assigns risk scores based on assets and exposures. |
Automated risk scoring is included as part of managed risk services. | |
Third-party Risk Assessment Evaluates security posture of all external service providers. |
Third-party service provider risk is a part of FIS's extended risk program. | |
Automated Audit Logging Maintains audit trails meeting compliance obligations. |
Automated audit logging is a core part of the service, essential for compliance. | |
Regulatory Change Monitoring Monitors for changes in relevant security regulations. |
Regulatory change monitoring reported as part of compliance-focused managed services. | |
Reporting Customization Users can tailor compliance and risk reports to requirements. |
Custom reporting capabilities exist for risk and compliance, documented in product literature. | |
Data Retention Period Control Ability to define and enforce data retention policies. |
No information available | |
Automated Remediation Tracking Tracks progress and closure of audit and risk remediation tasks. |
No information available |
Integrated Security Awareness Training Provides regular training for users on security best practices. |
No information available | |
Phishing Simulation Tools Periodically tests users' readiness for phishing attacks. |
No information available | |
Policy Acknowledgement Tracking Tracks user acknowledgment of security policies. |
No information available | |
Compliance Test Results Dashboards Aggregates user compliance training results. |
No information available | |
Refresher Training Frequency How often security training updates are required. |
No information available | |
Security Bulletin Distribution Regular updates on new threats and incidents shared with users. |
No information available | |
Mandatory Onboarding Training Security training required before system access. |
No information available | |
Interactive Learning Modules Engaging, scenario-based training rather than static documents. |
No information available | |
Breach Simulation Participation Rate Percent of users participating in breach simulation exercises. |
No information available | |
Customizable Training Content Organizations can tailor security awareness content. |
No information available |
Automated Incident Playbooks Predefined workflows to respond to specific incident types. |
Automated incident playbooks are referenced within FIS incident response documentation. | |
Forensic Data Collection Automation Automatically gathers relevant data during a security event. |
No information available | |
Crisis Communication Tools Facilitates rapid, secure communication during incidents. |
Incident response features include secure internal and external communication tools. | |
Post-incident Analysis Reports Automatically compiles reports after incidents to support root-cause analysis. |
Automated incident reports generated for post-incident analysis per FIS documentation. | |
Response Time SLAs Guaranteed maximum time to initiate a response after detection. |
No information available | |
Automated Containment Actions Capabilities to automatically isolate affected systems. |
Automated containment is mentioned as a feature of FIS managed response. | |
Internal and External Notification Automation Notifies all stakeholders, including regulators, as required. |
Automated notification of impacted stakeholders and regulators is included. | |
Tabletop Exercise Tools Supports running mock incidents to train the response team. |
No information available | |
Third-party Forensics Integration Integrates with external digital forensics services. |
No information available | |
After-action Remediation Tracking Creates trackable tasks following incident post-mortems. |
No information available |
Behavioral Analytics for Fraud Detection Monitors user and transaction behaviors for suspicious patterns. |
Behavioral analytics is used for fraud detection as referenced on product webpages. | |
Real-Time Transaction Monitoring Analyzes pension transactions for signs of fraud as they occur. |
Real-time transaction monitoring is highlighted as core fraud protection feature. | |
Machine Learning Model Accuracy Accuracy of machine learning models for detecting fraud. |
No information available | |
Rule-based Anomaly Detection Administrator-defined business rules to flag abnormal activity. |
Rule-based anomaly detection is included with custom rules capability. | |
Blacklists and Whitelists Lists maintained to block or allow specific users or accounts. |
No information available | |
High-risk Transaction Notification Speed Time for the system to alert on high-risk actions. |
No information available | |
Automated Account Freezing The system can automatically freeze accounts suspected of fraud. |
FIS systems can auto-freeze suspicious accounts according to fraud management materials. | |
Integration with Watchlists Links with internal/external fraud and sanctions lists. |
Integration with internal/external watchlists is supported for fraud management. | |
Fraud Investigation Workflows Automated workflows to triage and resolve potential fraud cases. |
Case management and fraud investigation workflows are part of FIS managed risk platform. | |
False Positive Rate Percentage of legitimate transactions incorrectly flagged. |
No information available |
Automated Data Backups Regular backups of key data and system configurations. |
Automated, encrypted data backups are included as standard operational policy. | |
Backup Frequency How often data backups are taken. |
No information available | |
Recovery Point Objective (RPO) Maximum age of files that must be recovered after an outage. |
No information available | |
Recovery Time Objective (RTO) Maximum allowable downtime after a disruption. |
No information available | |
Geographically Redundant Infrastructure Replication of data across multiple regions to prevent data loss. |
FIS supports geographic redundancy for disaster recovery. | |
Automated Failover Automatic system switch to backup infrastructure upon failure. |
No information available | |
Disaster Recovery Testing Frequency Number of times per year recovery plans are tested. |
No information available | |
Hot/Cold/Warm Standby Systems Type of backup environments maintained for quick restoration. |
Hot, warm, and cold standby options available, as listed in business continuity documentation. | |
Business Continuity Plan Documentation Comprehensive, up-to-date plan documentation. |
Comprehensive, up-to-date Business Continuity Plans are maintained and reviewed regularly. | |
User Notification During Outages Automatic updates sent to users about system status during incidents. |
Automated system status and outage notifications for users are provided. |
Open API Availability Public APIs documented for integration with other systems. |
Open APIs with documentation are available for selected FIS platforms. | |
Standards-based Data Exchange Supports industry-standard data formats and protocols. |
FIS touts standards-based data exchange across its solutions. | |
Custom Integration Toolkit Provides libraries and tools for custom integrations. |
Custom integration toolkits are available for enterprise clients. | |
Cloud Service Integration Integrates easily with cloud providers and SaaS tools. |
Cloud service integration (SaaS, AWS, Azure) supported per solution and technical documentation. | |
On-premises Integration Support Flexible integration with non-cloud systems. |
On-premises integration is supported for hybrid cloud customers. | |
SIEM/SOC Integration Easily connects to Security Operations Centers or SIEM platforms. |
SIEM and SOC (Security Operations Center) integration is a core interoperability feature. | |
Batch Data Import/Export Capability to import/export large data sets between systems. |
Bulk/batch data import-export are supported as described in FIS solution sheets. | |
Prebuilt Connectors Ready-made integrations for commonly used pension fund management tools. |
Prebuilt connectors are available for many common pension management systems. | |
Integration Testing Suite Automated tools to test integrations before deployment. |
No information available | |
Interoperability Certification Certifications for smooth integration with market-standard platforms. |
FIS pursues interoperability certifications, mentioned in relevant documentation. |
This data was generated by an AI system. Please check with the supplier.
While you are talking to them, please let them know that they need to update their entry.