Multiple oversight mechanisms are established so that the Plan Processor and the CAT System secure CAT Data.
Among other things, the CAT CISO has a fiduciary responsibility to Consolidated Audit Trail, LLC and is responsible for overseeing the security of the CAT System and the Plan Processor. Additionally, the CAT System is an SEC Regulation SCI System of FINRA CAT and of the individual Plan Participants. As such, it is subject to the oversight mechanisms of the SEC and subject to Reg SCI exams performed by the SEC’s Division of Examinations’ Technology Controls Program.
Security oversight is informed by independent and third-party assessments, including recurring Independent Validation and Verification (IV&V) of the NIST SP 800-53-based security control framework, as well as third-party penetration testing and code review. FINRA CAT has also participated in Department of Homeland Security Cybersecurity & Infrastructure Security Agency (DHS CISA) assessments and exercises.