Financial Data Security

Last modified August 15, 2025

Yodlee leverages industry standards, guidelines and practices related to data security and privacy while simultaneously demonstrating compliance with applicable laws, regulations and authoritative requirements. Yodlee has undergone numerous comprehensive audits by financial institutions over the past several years.

Yodlee is recognized as an industry-leading provider of cloud-based financial technology services to global financial institutions and innovators for nearly two decades. With a proven track record of designing and delivering exceptional products and services, we take pride in building a strong foundation of trust, integrity and reliability built from core principles related to our security, governance, risk management and compliance practices.

Information Security

The Yodlee Enterprise Cybersecurity team functions within the Yodlee business unit and is dedicated to security, privacy, risk management, governance and compliance. The team reports to Yodlee's executive management and security leadership.

The Enterprise Cybersecurity team is organized into different functions which include:

- Regulation and Attestations
- Risk Management
- Client Assurance
- Product security
- Security Operations
- Infrastructure security

Each function has engineers, architects, and analysts with responsibilities relating to their primary role, who also serve as backup for each other.

Working closely with its security partners, the Enterprise Cybersecurity team enables security, privacy, risk management, and compliance throughout the organization.

Risk Management

Yodlee has a comprehensive risk management program in place. This program is designed to focus resources and efforts on the assessment, monitoring, and management of our corporate and Enterprise Cybersecurity risk profiles.

The program consists of formal risk assessments at the organizational and product levels, and is incorporated into all facets of our processes, including application development, data center operations, and internal security management. Our Enterprise Risk Management (ERM) program provides a layer of transparency, ensuring the necessary information is available for our Executive Management team and Board to make effective risk-based decisions.

The Yodlee ERM is standards-based and incorporates guidelines and requirements from NIST, ISO, COSO, FFIEC, and the Basel Committee's Risk Management Principles for Electronic Banking.

Security and Privacy Awareness Program

Yodlee has a comprehensive security and privacy awareness program. The program is embedded in all aspects of employee communications and includes mandatory security and privacy awareness training and testing, ongoing awareness training programs, monthly simulated phishing tests and feedback from monitoring systems. The Enterprise Cybersecurity team is responsible for developing, implementing, and maintaining this program, ensuring that our employees are aware of the importance of security and privacy in everything we do.

Disaster Recovery

Yodlee has a comprehensive Disaster Recovery (DR) program for our internal services and our clients’ applications. Our approach requires regular tests of our internal DR and annual testing with clients of their DR option. Our client DR options include contracted RPO and RTO designed to map with our clients’ requirements.

Best Practices

Yodlee follows industry best practice guidelines in the design and implementation of our network security environment. We use zones to separate our Production, Staging, Development, Corporate, and specialty networks from each other with access control devices between each zone. We further segment networks within each zone in order to apply granular security and audit controls appropriate to each function. Other key controls include:

- Centralized Bastion Hosts
- Multi-factor Authentication
- Resilient and Redundant Infrastructure
- Data Encryption
- Vulnerability Management
- Centralized Security Incident and Event Management (SIEM)
- Secure Virtual Desktop Infrastructure Limiting Data Movement
- Layered Security Zones
- Enterprise Antivirus Management
- Intrusion Detection/Prevention System (IDS/IPS) Monitoring
- Distributed Denial of Service (DDoS) Monitoring

Vulnerability Report Program

The Yodlee Platform has a comprehensive patching and vulnerability management program in place and a team that actively monitors new vulnerabilities through various sources, including vendor mailing lists, open-source communities, and industry partners. Once a vulnerability is identified and confirmed, Yodlee’s Platform Enterprise Cybersecurity team conducts a formal review of applicable patches and ensures that critical vulnerabilities and high-priority issues are remediated within 30 days.

Read our FAQ for additional information regarding Yodlee Security.