CPI Qualified Plan Consultants, Inc.

Website security utilizes the highest level of hardware, software, and application security methodology ensuring a trusted site for authorized users. The objective of network access is simple—to allow authorized users to access financial information while simultaneously preventing unauthorized access. Any organization deploying interactive web services must develop a comprehensive network security plan and not rely solely on authentication and encryption to protect its data.

Email has become an integral part of our lives both at home and at work. However, email is inherently insecure and as such, cannot be used for sending confidential information such as Social Security numbers (SSNs). For a number of years, CPI has masked the leading five digits of SSNs sent by our automated systems. In addition, we have in effect a block on outgoing emails that contain a complete SSN in the subject line or body of the email, whether sent manually or automatically. Emails containing a full SSN are
returned to the internal sender, so they can mask the appropriate digits and resend. This block does not affect incoming email messages, thus allowing Plan Sponsors and Investment Professionals that choose to send this information to continue to do so.

Laptop and notebook computers are secured in several ways. First, no participant-level data is ever transferred to or stored on a laptop or notebook computer. Second, all laptop and notebook hard drives are encrypted using the TrueCrypt encryption system. This system employs AES-256, Serpent, and Twofish encryption algorithms, ensuring that no information will be compromised in the event of a lost or stolen computer. Third, antivirus and endpoint security software programs are installed on all laptop and notebook computers. All software is kept current through automatic updates. Fourth, all access to the corporate network is accomplished though secure telecommuting software from Citrix and Logmein that isolates the network from the remote computer.

For those clients and investment professionals who are concerned about sending data via email, CPI offers a web-based secure file transfer service. Clients and investment professionals can upload sensitive data to a secure mailbox via an industry standard https connection, which is then retrieved by CPI personnel using the same method. Data can be sent in a similar fashion. CPI personnel upload data to the website, then send an email with a link to the specific file to the recipient for use in downloading the file. An optional password can also be employed for additional security.