It is the security features in a bank note that allow a shop owner to trust the piece of paper you’ve given them in exchange for some groceries. This is why we’ve baked security into each of our processes, creating a robust and effective control environment which is reviewed annually through a SOC 2 attestation.
These are the key security features that are built into our platform. For more information please get in touch.
Encryption in Transit
All client data sent to or generated inside our platform follows an encrypted data lifecycle, and all interactions with the system occur over an encrypted protocol: Secure HTTP (HTTPS). We keep the supported cipher suites for the TLS/SSL encryption used for HTTPS in line with industry standards and regularly run external tests to verify this; the results of these tests are publicly available. Once data enters our platform it remains encrypted in transit throughout our networks.
Encryption at Rest
Client data is encrypted at rest using a key management system which allows us to rotate the keys used for the encryption of these volumes on a regular basis. Backups are also stored encrypted at rest, meaning your data is never available in cleartext.
FundApps’ platform and code are tested for vulnerabilities by CREST-accredited third parties, as well as through continuous automated application security tools.
Intrusion Detection and Mitigation
FundApps implements intrusion detection capabilities which are coupled with a 24/7 SOC, so we can detect and react to any threat at any time.
FundApps enforces several layers of access control.
The FundApps platform allows clients to integrate their single sign-on (SSO) solution, automating the provisioning and deprovisioning of access and providing their users with a transparent authentication process. Alternatively, clients may use multi-factor authentication.
The FundApps platform implements role-based authorisation. These roles allow permissions in the platform to be matched to our clients’ users’ job functions, following the least privilege principle.
Network Access Control
FundApps is able to provide further access control by applying IP restrictions to client environments, preventing access from networks other than those specified by the client. These restrictions operate before any authentication to the system and prevent any requests from reaching the application at all.
Client data is hosted in client-specific environments to ensure there is no risk of data commingling.
Our infrastructure stack is designed with two primary failure modes: Failover and Disaster Recovery.
Failover is catered for entirely within a single geographic region (Ireland) using a highly available primary environment. In this primary environment, data is replicated synchronously and spread across several data centres, each of which has discrete power and internet connectivity.
Disaster Recovery is provided from a secondary geographic region (Germany). This mode is intended to meet a 4 hour RTO (Recovery Time Objective) in case of total loss or failure of the primary environment. This capability is tested annually to ensure our RTO can be met.
FundApps - SOC 2
A third party validates the suitability and effectiveness of all of FundApps’ security controls. Reports are available on demand.
FundApps - STAR Registrant
FundApps is a STAR registrant with the Cloud Security Alliance (CSA). This allows clients and prospects to see for themselves how FundApps complies with cloud security good practices.
Amazon Web Services
FundApps hosts its platform on Amazon Web Services’ infrastructure within the European Union. AWS holds multiple industry-standard certifications relating to security and availability.
FundApps works to continuously review and improve its platform’s security. If you believe you have discovered a vulnerability in any of FundApps’ systems, please get in touch at firstname.lastname@example.org. We request that you do not publicly disclose the issue, at least until we have had a chance to address it. Our PGP key is available for download in case you need to encrypt communications with us.