Clear Street Trust Center

Our Approach to Security

At Clear Street, security is foundational to how we build and operate our platform.

As a firm operating in highly regulated financial markets, we design our systems to be secure by design, with a focus on protecting client data, ensuring system integrity, and maintaining operational resilience.

Our approach is risk-driven and continuously evolving to address emerging threats and changing regulatory expectations.

Independent Validation and Compliance

Clear Street undergoes regular independent audits to validate the effectiveness of our security controls.

We maintain a SOC 2 Type II report covering the Prime Brokerage Platform, which evaluates the design and operating effectiveness of controls over an extended period.

This assessment is performed by an independent third-party auditor and provides assurance that our controls are appropriately designed and operating effectively in alignment with industry-recognized trust criteria.

Security Program and Governance

We operate a formal, company-wide information security program led by a dedicated security team and overseen by security leadership.

Our Program Includes:

• Defined security policies and procedures
• Ongoing risk assessments and control evaluations
• Board-level oversight of security and internal controls

These practices ensure our security program evolves alongside our business and the threat landscape.

Core Security Practices

Protecting Client Data We implement layered controls to protect sensitive and regulated data throughout its lifecycle, including encryption, access restrictions, and data classification.

Secure Infrastructure and Access Controls Our infrastructure is designed with layered protections across cloud and network environments, with strict access controls and continuous monitoring.

Secure Software Development Security is embedded into our development lifecycle through code review, automated scanning, and controlled deployment processes.

Monitoring and Incident Response We maintain continuous monitoring and a formal incident response capability to detect, investigate, and respond to potential threats.

Third Party Risk Management We assess vendors prior to onboarding and periodically thereafter to ensure they meet our security standards.

Security Controls Details

Identity & Access Management Role-based access controls (RBAC); least privilege access; multi-factor authentication (MFA); centralized identity management (SSO); regular access reviews; rapid reprovisioning upon termination.

Data Protection & Encryption Data classification framework; encryption in transit (TLS) and at rest; strict handling policies for sensitive data

Infrastructure & Network Security Cloud-native architecture; network segmentation; firewall protections; continuous monitoring for misconfigurations

Application Security Secure SDLC; peer code reviews; automated security scanning; separation of environments; controlled deployments

Monitoring & Threat Detection Centralized logging; real-time alerting; continuous monitoring; security operations response

Vulnerability Management Regular vulnerability scanning; annual penetration testing; tracking and remediation based on risk severity

Incident Response Formal incident response plan; defined escalation paths; testing and post-incident reviews

Risk Management Formal risk assessment process; documented risk tracking; ongoing evaluation of threats and mitigations

Change Management Controlled change processes; peer review and approval; security validation prior to deployment

Third Party Risk Management Vendor due diligence; contractual safeguards; periodic reassessment of high-risk vendors

Governance & Oversight Security leadership under CISO; formal policies; executive and board oversight

Independent Assurance SOC 2 Type II audit validating control design and operating effectiveness

Security Resources

Modern infrastructure requires modern security controls

Security at Clear Street is an ongoing investment. We continuously enhance our controls, processes, and technology to protect our clients and support the trust placed in us.

For more information or questions about Clear Street’s security program, please reach out to: security@clearstreet.io