POLICY OWNERS: / Roy Cashman, Chief Technology Officer
Bill Periman, VP Technology Infrastructure
DATE INSTITUTED: / August 26, 2005
CURRENT VERSION: / Ver. 3.1
REVISION DATE: / Annual Review - 11/13/12
COBIT 4.1 REFERENCE: / DS11.6
OBJECTIVE:
The objective of the File Transfer Policy (the “Policy”) is to preserve the integrity and confidentiality of the information of Waddell & Reed Financial, Inc. and a certain number of its subsidiaries, (collectively, the “Company”).
SCOPE:
This Policy applies to all Company employees, contractors, interns, and temporary workers who need to send or receive file transfers whether internally or externally, using Company owned systems and methods.
POLICY:
The File Transfer Policy is intended to provide a secure framework for transferring files either internally or externally to other entities. In order to protect the information assets of the Company all external and internal file transfers must be carried out using one of the following acceptable methods:
· Electronic transfer with payload encrypted
· Electronic transfer with protocol encrypted
· Electronic transfer via a private, dedicated connection
· Media transfer, payload encrypted.
ROLES AND RESPONSIBILITIES:
· Data Security shall inventory file transfer requests, and manage the request and approval process.
· Data Security shall manage the encryption keys used by the Company.
· Data Security department is specifically authorized to receive and exchange key material on behalf of the Company.
· UNIX Administrators are authorized to make use of encryption keys for the purpose of conducting file transfers on behalf of the Company.
· UNIX Administrators shall operate the infrastructure for transferring files with third parties.
· UNIX Administrators are responsible for working with the end users, and if necessary, the ETS Production Assurance and Enterprise Solutions Delivery Departments to establish the file transfer.
· ETS Production Assurance is responsible for the configuration of file transfers used in production processes to and from the mainframe.
DEFINITIONS:
Payload encrypted: indicates that a file or message is encrypted and decrypted separately from being transferred by some mechanism.
Protocol encrypted: indicates that the mechanism for transporting the file across the network provides the encryption and decryption capability.
Dedicated connection: indicates a private connection for the Company’s use. A VPN is not considered a private connection for this Policy’s purpose.