Security - LMI Group Intl.

Security

This Security Summary was last revised and is effective as of May 21, 2018.

LMI Group International, Inc. – Security Summary

Introduction

LMI Group International, Inc. (“LMI Group”), employs protocols and technologies such as encryption to ensure system security, user authentication and communication architectures that meet or exceed recognized international standards for high sensitivity and high confidentiality applications. LMI Group undertakes ongoing testing, assessment and benchmarking of its security systems and protocols in order to meet evolving best practices promulgated by leading authorities covering data and systems security and integrity. LMI Group segregates each client’s data including LMI Group’s activities for each client to assure that each client’s data is never comingled with the data of any other client.

Specifications

LMI Group’s data system has six core elements: (i) point-to-point data encryption; (ii) persistent encryption (data in motion and at rest); (iii) air-gapping of ultra-sensitive information; (iv) person, device and IP authentication; (v) secure closed client-communication systems; and (vi) secure closed internal-communication and collaboration systems.

Among other utilities, LMI Group’s system utilizes (i) Intelligent Threat Detection Services, (ii) multiple specialized elements of Amazon Web Services (AWS); and (iii) OKTA identity and access (IAM) and customer-specific identity and access management (CIAM) security elements. LMI Group’s data security system and LMI Group’s internal data control protocols are subject to regular auditing.

LMI Group’s system meets the following industry specifications (U.S. references corresponding to similar EU counterpart standards): AWS (Amazon Web Services) (summary); FISMA (Federal Information Security Modernization Act) ; NIST (NIST 800-53: Security Controls and Assessment Procedures for Federal Information Systems and Organizations) ; and FIPS (FIPS 140-3: Federal Information Processing Standard)  (pending regulatory adoption; selective elements in use).

Client Data Rooms

All LMI Group client information is compartmentalized or ring-fenced by client. Access to each client’s closed client data room is based on documented grants of privilege to access the data room. Access is recorded by access-session date, time, IP address, geospatial location, duration, person and IP authentication data and the information accessed. Client data room documents are controlled by, among other things, partial redaction, password-protection and copying, extraction or downloading prevention features. Documents which have been downloaded based on confirmed privilege incorporate advanced data hashing and digital watermarking and recorded electronic re-agreement to confidentiality terms.

Copyright © 2018 LMI Group International, Inc. All Rights Reserved.