It’s All About Trust

Best-in-class Security and Compliance

• Audited annually to comply with the best fiduciary practices, including SEC privacy regulations.
• We are SOC2 Type 2 certified by an external auditor. SOC2 security principles focus on preventing the unauthorized use of assets and data handled by the organization. This principle requires organizations to implement access controls to prevent malicious attacks, unauthorized deletion of data, misuse, unauthorized alteration, or disclosure of company information.
• We are ISO 27001:2022, ISO 27017, and ISO 27018 certified by an external auditor. ISO 27001 relates to information security, cybersecurity, and privacy protection. ISO 27017 and ISO 27018 relate to security controls for cloud services and protecting personally identifiable information (PII) in public clouds acting as PII processors.
• We comply with NIST-CSF, a voluntary framework specified by the US Department of Commerce that helps businesses understand, manage, and reduce their cybersecurity risk and protect their network and data.
• We regularly receive rigorous security reviews from global enterprise organizations.
• BrightPlan is the first digital advisor certified by the Centre for Fiduciary Excellence (CEFEX). CEFEX Certification means we’ve been independently certified to uphold the highest standards and act in the employee’s best interests.