Information Security Policy

ALSO READ:  Cyber Security: Protecting You and Your Money

Tull Financial Group, Inc. (TFG) is an investment adviser registered with the Securities and Exchange Commission (SEC) under the Investment Advisers Act of 1940, as amended. TFG maintains a Privacy Policy in order to comply with the SEC’s Privacy of Consumer Financial Information rule (commonly known as “Regulation S-P”).

TFG’s Privacy Policy applies to any individual to whom TFG renders financial services or has done so in the past (in other words, all clients of TFG). It covers any nonpublic personal information obtained from clients, as well as from other firms in connection with providing such services. The categories of nonpublic personal information that are collected depend on the scope of the client engagement, and may include descriptions of clients, their Social Security numbers and birth dates, contact information, their income and asset information, employment details, tax and estate documents, transactions between clients and third parties, other financial information, and health information.

All nonpublic personal information is treated as strictly confidential and is not disclosed except to employees for the purpose of carrying out their responsibilities and to affiliated and nonaffiliated firms necessary to affect and administer custodial, brokerage, financial planning, legal, accounting, insurance or similar services requested and authorized by the client. Federal and state regulators also may review client records as permitted under law. TFG requires that our affiliates protect and restrict the use of client information to the same extent as TFG.

TFG Clientele: Your privacy is a serious matter to us. This Privacy Notice is presented annually to our TFG clients, to demonstrate that every effort is being made to secure all private client information from public access.

Secured Paper Files

Filing cabinets are locked outside of regular business hours.  Any papers to be disposed which contain client information are shredded on-site monthly by a bonded and insured company.  TFG’s site of business is also securely locked and electronically armed for fire and theft outside of regular business hours.

Secured Electronic Files and Databases

TFG’s computer system consists of a peer-to-peer network including a server, which stores all data related to client activities.  All TFG computers are secured by a password system and all workstations are logged-off outside of regular business hours.  Any electronic information accessible through the Internet is guarded by a secure firewall, and all TFG computers are regularly scanned for viruses. TFG backs-up all electronic data essential to its operations on a daily basis, with the prior day’s backup electronically sent and stored to a remote location in case of disaster.

Secured Client Communications

E-mail: From time to time, TFG will correspond with clients regarding private matters via electronic mail.  TFG takes the precaution of verifying all client e-mail addresses, and limiting the content of communications to exclude sensitive elements such as account numbers, Tax ID numbers, and the like, unless authorized by the client.  A Disclosure is included with every client e-mail which addresses any persons who may receive the message in error, along with instructions to contact our office and properly dispose of the data.  E-mail communications to third parties which relate to our clients are conducted only as necessary to fulfill the obligations of the firm; however, no personal information pertaining specifically to our clients is shared with third parties without the expressed consent of the client.

Phone: Client communications by phone are a daily task, and in situations where TFG initiates a call and reaches voicemail, the Policy is to limit the content of information to exclude dollar amounts, account numbers, and any other sensitive information, unless authorized by the client.  Conversations occurring with third parties related to our client situations are conducted only as necessary to fulfill the obligations of the firm; however, no personal information pertaining to clients is shared with third parties without the expressed consent of the client.

ClientView Live: TFG now offers a password secured online portal for information, communication, and document delivery between TFG and its clients. This portal is accessed through TFG’s website.

Phishing: “Phishing” is the illegal attempt to trick people into providing personal, confidential or financial information. For example, a person falsely claiming to be a person of authority may contact an office to request private client information, with the intent to use the information for identity theft. These malicious attempts may come through e-mail, internet, and telephone.  TFG is aware of this threat, and it is our practice to (1) validate the identity of any individual requesting such confidential information, (2) clarify the reason for the request, and (3) establish that the client has granted authorization before releasing the requested information. It is also TFG’s custom to cultivate personal relationships with its third-party affiliates, which greatly helps us identify impostors.

Regular Mail:  It is TFG’s policy to never mail personal and sensitive information regarding a client other than to the address kept on record at TFG, without the client’s expressed instruction.

Security Among Third Parties

Daily Business Operations: TFG and its employees avoid leaving nonpublic personal information in plain view in areas where it may be seen by visitors or discussing such information in public places where it may be overheard. TFG routinely reviews these practices to ensure the confidentiality, security and integrity of its nonpublic personal information.

Third-Party Service Providers: TFG employs the services of third-parties who either have direct access to confidential information, or may inadvertently come across it within the proper capacity of their services to us. For example, TFG requires regular services from computer technicians. Therefore, we obtain a signed non-disclosure acknowledgement and agreement from each service person, which explains our policy of client privacy and holds the third-party individual to the same standards of protection.

Document Destruction

The 2005 FACT Act requires proper destruction of confidential client information entrusted to Investment Advisers. TFG utilizes a bonded and insured destruction service which calls monthly and destroys all materials on-site. Materials awaiting destruction between calls are held in a locked bin, and destruction is certified and documented by the company with each call.

Ongoing Diligence

TFG’s Privacy Policy is reviewed at least annually to ensure that our efforts to protect your privacy remain current with ongoing changes experienced within this Profession, through technological advancements, and other various influences.