Our promise

Your security and privacy are our top priority. To safeguard your data, we employ enterprise-grade security controls, practices, and procedures across our infrastructure and application layers. Ongoing monitoring and updates to our security practices help maintain alignment with industry best practices and standards.

Group 83-1

Security

__Encryption

Secure infrastructure

Our platform security measures align with esteemed industry frameworks such as the CIS Benchmarks 1.4 and NIST guidelines. Our infrastructure is subject to regular security audits and assessments to maintain the highest standards of protection.

Shield icon

Vulnerability management

Pontera takes proactive measures to identify and remediate system vulnerabilities. Regular assessments, scanning, and manual testing reduce potential attack surfaces. Routine penetration tests conducted by third parties ensure our defenses remain resilient within the evolving cybersecurity landscape.

__Clarity

Monitoring and incident response

Our information security team monitors all activity in Pontera infrastructure, networks, and systems. In addition, the company employs incident response measures to bolster our defenses and ensure maximum resilience.

__Cybersecurity

Data protection

When retirement savers connect their financial accounts to Pontera, their data is protected with best-in-class encryption while being transmitted and stored.


Privacy

Access control

Pontera adheres to the principle of least privilege. An advanced access control framework employs numerous measures to limit access to authorized individuals. Our Zero Trust Network Architecture approach aims to enhance security measures and mitigate potential breaches by seeking to authenticate every request for access.

Workforce practices

At Pontera, our team is committed to developing and enacting data privacy and information security practices that align with industry benchmarks and best practices. All employees undergo thorough background checks, sign non-disclosure agreements, and complete mandatory security and privacy training programs to create a secure environment.

Group 84-2

Reliability

__Seamless

Availability and continuity

Pontera deploys system uptime monitoring and 24/7 priority support. Our system is designed for resiliency and to withstand potential disruptions. Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP) are continuously tested and updated to mitigate risks and allow the quick restoration of services in the event of unforeseen circumstances.

__Laptop

Backup and recovery

Secure and routine backups ensure the availability of customer data and enable speedy recovery in the event of data loss or system failure.


Assurance

Guaranteed protection

Our goal is to ensure that retirement savers are able to receive the advice and support they need while their account remains secure. When retirement savers connect their accounts to Pontera, they retain a high degree of protection. Pontera's Client Protection Pledge defends financial data at all costs.

Group 85-1

__Secure Login Credentials

No credential sharing

Pontera is purpose-designed to enable financial advisors to proactively analyze and rebalance plan accounts to deliver better retirement outcomes without account access. The platform never shares retirement savers' credentials and prohibits account logins, disbursements, transfers, or beneficiary changes that would constitute constructive custody under Rule 206(4)-2 of the SEC Advisers Act.

__Auditing Documents

Automatic supervision logging

Advisors and their compliance teams can leverage Pontera's supervision tracking capabilities to annotate all advisor account reviews and changes. Learn more about Pontera's compliance practices here.


Compliance

SOC 2 Type 2

SOC 2 Type 2 certification demonstrates our compliance with industry-leading standards for information security, including implementation of stringent security and privacy practices. Available upon request, Pontera's SOC 2 Type 2 certification is issued through Ernst & Young.

Group 82

ISO/IEC 27001

Pontera is certified as ISO 27001 compliant, signifying that we adhere to international standards for information security management. It demonstrates our rigorous implementation of information security controls to ensure the confidentiality, integrity, and availability of client data.

Group 87

California Consumer Privacy Act

Pontera complies with privacy regulations, including the California Consumer Privacy Act to ensure the lawful and ethical handling of personal data.

Group 80

Visit the Pontera Trust Center

Request access to our security assessment documentation, compliance reports, and more.