Information Security Policy

Aprio Holdings, LLC (hereinafter together with all of its subsidiaries and affiliates, collectively referred to as “Aprio” or “Company”) is committed to the protection of Company information (“Information”) from a wide range of threats in order to minimize business risks, maximize return on investments and business opportunities, and ensure business continuity.

Aprio is committed to safeguard the confidentiality, integrity and availability of all physical and electronic Information / digital assets of the Company to ensure compliance with applicable regulatory, Operational and contractual obligations by adopting and implementing an effective Information Security Management System (ISMS).

The objectives for the ISMS are based on security risk management program that:

  • Follows a risk-based, reasoned approach
  • Protects the operational integrity of the business
  • Is commensurate with fiduciary and compliance responsibilities
  • Addresses market / client / prospect expectations
  • Is sustainable and adaptable to changing business and security threat environment
  • Ensures our people understand their roles and responsibilities

ISMS goals are in line with the organization’s business objectives, strategy and business plans. The ISMS Committee is responsible for reviewing these general ISMS objectives and setting new ones.

Objectives for individual security controls or groups of controls are proposed by the ISMS Committee and approved by VP, Technology.

The Chief Executive Officer and Managing Partner declares that the ISMS implementation and continual improvement will be supported with adequate resources to achieve all objectives set in this Policy, as well as satisfy all identified requirements.

Aprio employees, third party contractors / vendors, consultants, external auditors who have access to and are responsible for viewing, creating, and processing, handling, storing, transmitting, destroying Aprio information assets in any form are required to comply with the ISMS Aprio Information Security Policy.