EVP Systems is fully prepared to provide all our services throughout the Russian invasion of Ukraine, the sanctions against Russian-domiciled companies that have resulted, and the possibility of Russian or other cyber-attacks on American targets.
The war in Ukraine is an unfathomable disaster with an uncountable human cost. But even in light of this tragedy, our clients have a fiduciary responsibility to their clients, and rely on our software to help fulfill it. EVP Systems takes this duty seriously.
The invasion has the potential to impact our clients in two ways, one concrete and one theoretical. First, the concrete impact:
As of February 28, 2022, all EVP Systems’ data suppliers stopped providing pricing for Russian-domiciled companies, in accordance with American financial sanctions against the Russian government. The Russian company that we most commonly provide pricing for is Yandex (YNDX), the search engine, and it—along with many other smaller firms—will not have historical prices available from March 1, 2022 through the removal of sanctions at some future date.
This situation is not unique to EVP Systems, of course—no American companies can report this data. It is currently against the law.
If a decedent held any Russian-domiciled securities on a date of death as of March 2022 or later, or the securities were included as part of a gift, it is currently unclear how to value them. If and when the IRS makes a definitive ruling on the matter, we will update this article.
Second, the theoretical:
The Russian government (both directly through special military units like “Fancy Bear”–more formally known as Advanced Persistent Threat 28, or “APT28”–and indirectly through control of criminal organizations) is known to participate in illegal hacking. The most common case is “ransomware,” where intruders penetrate a business, encrypt its data, and then offer the decryption key for a price. In other, rarer instances, physical infrastructure is attacked via its electronic control systems: power grids are shut down, or water supplies are turned off. Most observers of Russian information security attacks have been surprised that there have not been any significant incidents so far during the war, either against Ukraine or the countries supporting it, especially the United States. This situation, however, may not continue.
EVP Systems is protected against all of these threats.
Our production servers are hosted at Amazon Web Services, in two separate availability zones on the east cost of the United States. These “AZs” are physically distanced from each other, and each has multiple, independent power and Internet connections. Amazon has best-in-class physical and virtual protections for its data centers, and our systems are shielded by all of them. If one side of our production infrastructure were to go down—for any reason—the other would automatically pick up the full load. Each side is provisioned with enough capacity to easily handle peak usage.
If the entire AWS region were to go down, the EVP Systems Disaster Recovery and Business Continuity documentation includes a Recovery Time Objective (RTO) of four hours if our servers were to be restored in another AWS region, and eight hours at another cloud-hosting provider.
As for the EVP Systems servers themselves, they are all protected by firewalls that only allow in-bound connections to well-known ports running high-reliability software. Human access is controlled by closely-held private keys instead of passwords, and full database snapshots and off-site backups are taken every night. We also monitor for dozens of log anomalies in real-time. Details are available in our Information Security Policy and Intrusion Detection and Audit Process documentation.
If you have any questions about our information security architecture or plans, please don’t hesitate to e-mail our Compliance Department at compliance@evpsys.com.