Cyber Security Program

  1.  Identification of Threats/Vulnerabilities

List all client data and information the firm creates, collects, receives, uses, processes, stores, or communicates to others.

Colagrossi Futures, LLC maintains customer account forms with customer names, SSN, and all “Know your Client Information” including Corporate/LLC/Partnership papers and financial statements.  Colagrossi Futures, LLC equity runs, order activity logs, order tickets, and customer daily/monthly statements are also maintained.

List all electronic hardware used in conducting firm business and list data stored on these devices.

Colagrossi Futures, LLC maintains one desktop computer, one laptop computer, two internet phone lines, one cell phone, and a firewall. GIB equity runs, order activity logs, and customer daily/monthly statements are maintained on the desktop computers.

List all software programs used in conducting firm business and list any data stored.

The software Colagrossi Futures, LLC uses includes, but is not limited to, Outlook, Google Chrome, Microsoft Edge, Word, Excel, PowerPoint, Microsoft EMET, Dashlane, Cubby, CCleaner, Jetico BestCrypt Volume Encryption, BitLocker, Yahoo Messenger, Digby, AdBlock Plus, Carbonite, AVG CloudCare, TeamViewer, Adobe Reader/Writer, GoToAssist, Grasshopper, Python Interpreter, Komodo IDE, FCM order entry, and other FCM software.  Colagrossi Futures, LLC stores equity runs, order activity logs, and customer daily/monthly statements off the internet on an encrypted hard drive.

List client data stored in the form of physical documents in the firm office.

Colagrossi Futures, LLC maintains customer account forms with customer names, SSN, and all “Know your Client Information” including Corporate/LLC/Partnership papers and financial statements.  Colagrossi Futures, LLC equity runs, order activity logs, order tickets, and customer daily/monthly statements may also be maintained in printed form.

List the control person and firm personnel with access to this data.  Include any 3rd party providers with access to this data.

Mr. Gerard Colagrossi is the member/owner and is the control person for Colagrossi Futures, LLC.  APs and administrative assistants may have access to the data.  No other 3rd party providers have access to this data.

List threats and vulnerabilities.

Colagrossi Futures, LLC has conducted a Risk Assessment.  Threat of unauthorized email program access, loss of cell phone or laptops, and unlawful access to the physical location appear to be the primary threats. Additional threats and vulnerabilities are addressed in the “Deployment Protective Measures” section below and in the firm’s Disaster Recovery Plan, which is updated yearly.

  2.  Protective Measures

Explain how the firm protects the physical facility from unauthorized access.

Only Mr. Colagrossi has keys to the (home) office.  All entries into the office are electronically logged and monitored.  All client data is restricted to authorized personnel. All outdated digital and printed information is properly destroyed.  Additional vulnerabilities are addressed in the firm’s Disaster Recovery Plan.

How does the firm prevent unauthorized persons from access to information systems?

All computers and phones are protected with passwords, PINs, or biometric fingerprint technology. Passwords are complex, changed periodically, and available only to authorized personnel.

List 3rd party providers with access to customer information.

None

Does the firm use up-to-date anti-virus, anti-malware, firewall protection and deploy encryption software?

Colagrossi Futures, LLC is running AVG CloudCare anti-virus and anti-malware software on all computers and deploys encryption software and SonicWall Comprehensive Gateway Security Suite firewall protection. 

Does the firm use trusted software and update the software when applicable?

Colagrossi Futures, LLC reviews and uses only genuine software and, when applicable, updates it in a timely manner.  Internet browser privacy settings are enabled to protect systems from dangerous websites.  All websites published by Colagrossi Futures, LLC (colagrossifutures.com) are SSL certified.

Does the firm back up systems and data on a regular basis?

Colagrossi Futures, LLC backs up data on a regular basis.

List any of the following used by the firm:  identity & access controls, application whitelists, segmentation & network access controls, or secure software development practices if member develops own software

Colagrossi Futures, LLC uses BestCrypt Volume Encryption, Windows authentication, and biometric fingerprint reading for identity and access control.  In addition, Colagrossi Futures, LLC uses SonicWall Comprehensive Gateway Security Suite firewall protection.

  3.  Detection of Threats

Does the firm watch for unauthorized intrusion into the physical office?

Yes, through its SonicWall Comprehensive Gateway Security Suite firewall protection.

Has the firm installed intrusion detection software for unauthorized use of the firm’s information systems?

Yes, through its SonicWall Comprehensive Gateway Security Suite firewall protection. 

  4.  Response and Recovery to Breach of Firm’s Electronic Systems

Colagrossi Futures, LLC will contact R.J. O’Brien’s compliance department in the event of a security breach.  In addition, Mr. Gerard Colagrossi will take timely action to contain and recover from the security incident, including notification of firm personnel & external parties; and if needed, obtain appropriate support to handle the incident.  Finally, Colagrossi Futures, LLC will contact the local authorities if a breach of the physical premises has been made.  Documentation of incidents will be recorded. Colagrossi Futures, LLC’s ISSP has been integrated with the Disaster Recovery Plan.

  5.  Training

Every 12 months Colagrossi Futures, LLC APs will complete online training from one of the approved R.J. O’Brien Cyber Security training companies.  Certificates of AP training will be retained for five years.

  6.  Review and Record Keeping of ISSP

Colagrossi Futures, LLC will continually monitor the security of the firm.  The ISSP will be reviewed at least every 12 months for its effectiveness; and updates will be made as required.  Records related to the adoption and review of the ISSP will be retained for five years.

Adopted and Reviewed by:

Gerard Colagrossi
Member
April 14, 2016