Written Information Security Program Summary

Marengo Finance maintains a written information security program summary for the website, advisor portal, onboarding workflows, and supporting service providers used to operate the product.

The program is designed around role-based access, minimum-necessary collection, encryption of selected sensitive values, change management, vendor oversight, and incident response coordination.

The operating model includes user provisioning and deprovisioning, audit logging, privacy workflow handling, password reset controls, and multi-factor authentication for password-based portal login.

Control owners still need to document policies, perform periodic access reviews, and retain evidence if a formal examination or customer diligence process requires it.

The current product uses HTTPS, hardened cookies, role-scoped sessions, login throttling, audit trails, minimized intake snapshots, and encrypted storage for selected identity fields.

Deletion workflows redact matching client and lead records after review instead of relying on ad hoc manual edits.

Managed infrastructure and service providers are reviewed as part of the stack design, and the trust center identifies the standard vendors used by default plus optional integrations that a customer may enable.