Internal Governance Policy
Conflicts of Interest Policy
Business Continuity Plan Summary
Disaster Recovery Policy
Inquiries and Complaints Policies and Procedures
Internal Governance Policy
The SharesPost Research LLC Advisory Committee (the “Advisory Committee”) is responsible for maintaining the integrity of SharesPost Research LLC (“Company”) products and publications.
The Advisory Committee meets no less than quarterly to discuss, among other things:
- Any new Company product or publication proposals;
- Technical due diligence requirements associated with any proposed new products or publications;
- The Company’s ability to maintain current products and publications;
- Any substantive changes to current products and publications, taking into consideration feedback received externally, through the Company’s inquiries and complaints policy channels, as well as internally;
- Availability and appropriateness of third-party content incorporated into Company products and publications; and
- Any operational issues that may have arisen since the prior meeting of the Advisory Committee, focusing on opportunities to improve operating controls and procedures.
Advisory Committee Membership
The Advisory Committee is comprised of qualified senior Company governance, operations and research personnel.
Conflicts of Interest Policy
Identification of Conflicts
A conflict of interest occurs where competing obligations or motivations result in, or are likely to result in, material risk of damage to the interests of another person or entity.
It is important that actual and potential conflicts of interest in SharesPost Research LLC (together with its affiliates, the “Company”) are identified and managed. Anyone who identifies a new conflict of interest must immediately report it to a supervisor.
An advisory committee made up of qualified senior Company personnel (the “Advisory Committee”) will conduct reviews on at least an annual basis to ensure that it identifies all actual and potential conflicts of interest on an ongoing basis and keeps this policy (the “Policy”) up to date. The identification and management of conflicts will also be achieved through ongoing compliance monitoring programs of the Company and its affiliates.
Monitoring and Reporting
The Advisory Committee will engage fully with the conflicts of interest identification and management process and take responsibility for the active ownership of conflicts of interest.
All of the Company’s staff must declare to their supervisor and/or a member of the Advisory Committee, as appropriate, any actual or potential conflicts of interest that arises in the course of their work.
Any Company staff who are actually or potentially conflicted must disclose this to the Company, whether the conflict arises during the course of their employment at the Company or from external factors.
Where an actual or potential conflict of interest arises on behalf of interests of the Company itself, rather than an individual employee or stakeholder in the Company, the Advisory Committee has the same responsibility for managing the conflict or potential conflict as if the conflict arose based on the interests of any such individual.
The Advisory Committee maintains a conflicts register in order to record:
- conflict and potential conflict situations;
- the appropriate mitigation strategy in each case;
- ownership of the ongoing management of a conflict; and
- where appropriate, an assessment of how effective the mitigation strategy proves.
Conflict of Interest Management
Each actual or potential conflict of interest identified must be managed and monitored by the Advisory Committee or a designee thereof. The following types of procedures and measures may be appropriate when managing conflicts of interest:
- Control of Information: Preventing/controlling the exchange of information between opposing sides of a conflict of interest.
- Removal of Remuneration Links: Removing direct links between the remuneration of individuals on opposite sides of a conflict of interest, or remuneration links that may influence an individual to favor a particular product or service.
- Segregation of Duties: Preventing/controlling the simultaneous/sequential involvement of individuals in separate tasks or services.
- Contractual Arrangements: Anticipating and avoiding conflicts that may arise via contractual arrangements to which the Company is a party, and obtaining appropriate consents and/or waivers where such conflicts cannot be avoided.
- Separate Supervision: Ensuring that individuals on opposite sides of a conflict of interest are subject to separate supervision.
- Disclosure: Where the measures implemented to manage conflicts described above are insufficient to avoid actual or potential conflicts, or otherwise are not reasonably practical, then the nature of the conflicts of interest arising must be disclosed as appropriate.
Business Continuity Plan Summary
SharesPost Research LLC (“we” or “SharesPost”) has developed a Business Continuity Plan (our “BCP”) describing how we will respond to events that significantly disrupt our business. Since the timing and impact of disasters and disruptions is unpredictable, we will have to be flexible in responding to actual events as they occur.
If after a significant business disruption, you cannot contact us as you usually do at (800) 279-7754 or at our email address firstname.lastname@example.org, you should go to our web site at sharespost.com.
Our Business Continuity Plan:
SharesPost is committed to all of its constituents. We plan to quickly recover and resume business operations after a significant business disruption and respond by safeguarding our employees and property and ensuring the effective availability of SharesPost services. Our BCP is designed to permit our firm to resume operations as quickly as possible, given the scope and severity of the significant business disruption.
Our BCP addresses: data backup and recovery; all mission critical systems; financial and operational assessments; alternative communications with constituents; alternate physical location of employees; and critical supplier, contractor, and counterparty impact.
Our electronic hosting providers back up our important records in a geographically separate area.
Significant business disruptions can vary in their scope, such as only our firm, a single building housing our firm, the business district where our firm is located, the city where we are located, or the whole region. Within each of these areas, the severity of the disruption can also vary from minimal to severe. In a disruption to only our firm or a building housing our firm, we will transfer our operations to a local site when needed. In a disruption affecting our business district, city, or region, we will transfer our operations to a site outside of the affected area. In either situation, we plan to continue in business, and notify you through our web site, www.sharespost.com regarding how to contact us. If the significant business disruption is so severe that it prevents us from remaining in business, we will notify you as soon as quickly as practicable.
For more information:
If you have questions about our business continuity planning, you can contact us at (800) 279-7754.
Disaster Recovery Policy
This disaster recovery policy (this “Policy”) outlines the baseline capabilities of SharePost Research LLC (“we” or “SharesPost”) to continue operations in the event of a disaster affecting our firm. Such disaster could include any of the following events:
- Flash flood
- Power Outage
- Terrorist Attack
The Policy is closely related to our Business Continuity Plan.
We retain EzeCastle Castle Integration, an outsourced technology services provider (“ECI”), to support our disaster recovery capabilities. ECI provides a highly available IT platform, including the following layers of data protection and disaster recovery for data and applications:
Highly Resilient Infrastructure
ECI’s cloud service is built on a highly resilient infrastructure that is monitored 24x7x365 at the Eze Network Operations Center (NOC). All hardware, power, cooling and network connectivity are configured with N+1 or greater availability to ensure maximum uptime of all services.
The ECI cloud service holds a SOC2 certification and all of ECI’s cloud facilities hold at least one of the following certificates: ISO/IEC 27001:2005, SAS 70 Report – Type I & II, SSAE 16, AICPA SOC 2. They are also composed of multiple active power and cooling distribution paths, providing 99.982% availability.
The ECI cloud service also provides assurance that SharesPost’s data is protected through continuous replication of data to a geographically diverse location.
Data Backup Protection
ECI’s services including hosting SharesPost’s production environment on highly available, enterprise level equipment such as NetApp SAN’s and Cisco networking equipment located in a Tier II/III facility. There are multiple layers of data protection as part of the cloud services.
- Shadow Copy is utilized as part of Microsoft’s native file server solution. With Shadow Copy, SharesPost’s files are configured to create a version backup of files to be utilized for a quick restore solution for accidental file overwrites and versioning control. Shadow Copies are taken every three hours and maintained to provide 20-40 days of recovery. Recovery timeframes for the service are a function of client rate of change and the space allocated to the individual client. Space is automatically increased or decreased by 10%, by an automatic process that runs on a weekly basis.
- Full backups of all SharesPost’s data are performed at least daily and are held for five (5) days. The backup process is monitored by ECI’s 24x7x365 Global Support Desk.
- Exchange and File Data are replicated in near real-time to secondary datacenter located in a geographical diverse location. The disaster recovery environment is a mirror image of the production environment and is designed for complete recovery from a catastrophic event resulting in the production environment becoming completely unavailable. Citrix and VPN are provided for access in the event that SharesPost’s offices are unavailable.
Complete Disaster Recovery
Disaster recovery is provided via an active/active configuration using SAN-to-SAN replication over an ECI owned MPLS connection to a hosted disaster recovery environment located in a geographical diverse location. The disaster recovery environment is a mirror image of the production environment and is designed for complete recovery from a catastrophic event resulting in the production environment becoming completely unavailable.
In the event of a disaster recovery incident, automatic failover of systems will occur to ensure high availability of applications and data. The failover will occur seamlessly and be virtually transparent to users.
Disaster Recovery Testing
Disaster recovery testing is conducted bi-annually per region. Tests include having users verify that they have the functionality needed to work successfully from the disaster recovery site during a disaster.
Inquiries and Complaints Policies and Procedures
The following principles apply to all inquiries or complaints raised with SharesPost Research LLC (the “Company”) regarding the SharesPost Private Growth Index (the “Index”):
- All investigations of a complaint, inquiry or issue raised by any party to the Company must be handled in a fair and timely manner.
- Individuals investigating a complaint should, wherever practical, be independent of those individuals who might be involved in the subject of the complaint.
- Resolution of the complaint, inquiry or issue will be communicated to the party raising it, once a Company decision has been approved, in a timely fashion and in the manner set out in the relevant section of this procedure document.
- All records and correspondence relating to any complaints, inquiries or issues must be kept by the Company for five years.
If any constituent of the Company wishes to raise an issue regarding the Company’s methodologies, service or an issue regarding the suitability of the SharesPost Private Growth Index, they should first contact the Company at email@example.com. On receipt of a communication, the Company will:
- Categorize the issue as to whether it is an inquiry or a complaint and whether it relates to:
- General inquiry;
- Service delivery issue;
- Index calculation issue;
- Index eligibility issue; or
- Index suitability.
- Confer with the complainant if necessary to ensure the nature of the inquiry or complaint is fully understood.
- Relay the nature of the inquiry or complaint to the internal Index administrator (the “Administrator”) for further handling.
In the case of a general inquiry, the Administrator will:
- Liaise with the relevant Company personnel best placed to answer the inquiry and ensure they have all the information provided relating to the inquiry.
- Coordinate a response to the inquiry and maintain a record of all correspondence.
In the case of a service delivery issue:
- The Administrator will coordinate with appropriate Company personnel to provide a written response to the complainant.
- If the inquiry or complaint cannot be resolved by the Administrator, the complaint will be escalated to an advisory committee made up of senior Company personnel (the “Advisory Committee”) for additional guidance or specialist assistance.
- The Company will update the complainant on an ongoing basis throughout the process. The updates will include information such as anticipated resolution date/time and if the query is with another department for investigation/support.
- Once the final resolution has been determined, a written response will be provided to the complainant by the Company.
In the case of a question or complaint about an issue to do with Index calculation:
- The complaint will be escalated directly to the Administrator. The Company will update the complainant on an ongoing basis throughout the review process. The updates will include information such as anticipated resolution date/time.
- The Administrator will be responsible for consulting relevant colleagues to ensure that any subsequent decision or recommendation is based on full possession of the relevant facts.
- If the complaint relates to a matter which involved the exercise of discretion by the Administrator, then, if reasonably practicable, the Administrator should not be involved in the resolution of the complaint. If circumstances dictate that the Administrator needs to be involved, such individual should be mindful of how they approach the resolution of the complaint to ensure that they remain objective.
- Generic calculation errors such as those arising from inappropriate treatment of corporate actions, or data errors such as incorrect authorized share numbers, should be identifiable from the relevant index rules and corporate action methodology guide.
- If the Administrator determines that a clear error of the nature described in (4), above, has occurred, that the error occurred within the specified complaint window, and that an Index restatement is warranted, a notice will be issued and the complainant informed in writing of the resolution after issue of the notice and by the Company;
- If the Administrator concludes that the source of the complaint is not a clear, but rather a matter of interpretation of the rules or methodology guide, the Administrator may choose to solicit the views of Advisory Committee members.
- If, following consultation (if any), the Administrator determines that action is required, the process referred to in (5) will be followed.
- If, following consultation (if any), the Administrator determines that no action is required, the complainant will be informed in writing of the Company’s decision supported by a summary of the rationale for such decision.
Eligibility for the Index
In the case of a question or complaint from a company (or their representative) concerning the company’s eligibility for the Index:
- The Company will escalate the complaint directly to the Administrator.
- If the Administrator agrees with the company, a notice announcing the assessment will be issued. The company will be informed of the change in writing by the Company subsequent to the release of the notice.
- If the Administrator disagrees with the complainant, the Company will revert to the company, informing the complainant of the decision, supported by a summary of the rationale for such decision.
If a party wishes to raise an issue regarding the suitability of the Index as a measure of the underlying interest it seeks to represent, the Company should prepare a response setting out either:
- When the subject matter of the inquiry was last reviewed, by whom and the reasons for the formulation of the Index; or
- That the matter will be raised with the Advisory Committee at the next opportunity, following which the result of the review by Advisory Committee will be communicated to the party and, if any change arises from the review, publicly.
For further information on SharesPost Private Growth Index, please email us at firstname.lastname@example.org.