Security at FundApps


At FundApps we believe that trust is paramount to our business. We want our clients to trust us so that we can deliver the best service to them and we need our providers to be trustworthy so that we can use their services confidently.

Security is the key element that builds that trust.

It is the security features in a bank note that allow a shop owner to trust the piece of paper you've handed over in exchange for some groceries. This is why we've baked security into each of our processes, creating a robust and effective control environment that is reviewed annually through a SOC 2 attestation.

These are the key security features that are built into our platform. For more information please get in touch.


Data Security

Encryption in Transit

All client data sent to or generated inside our platform follows an encrypted data lifecycle, and all interactions with the system occur over an encrypted protocol: Secure HTTP (HTTPS). We keep the TLS (SSL) cipher suites supported for HTTPS in line with industry standards and regularly run external tests to verify this; the results of these tests are publicly available. Once data enters our platform it remains encrypted in transit throughout our networks.
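One way to express the "cipher suites in line with industry standards" requirement as something that can be checked rather than merely stated is a small TLS policy audit. The following is an added example, not FundApps' own code or the test it runs externally; it assumes Python's standard `ssl` module and a constructed list of cipher-name fragments that mark legacy algorithms, and it reports findings instead of silently accepting a context.

```python
import ssl

# Cipher-name fragments that mark legacy or broken algorithms.
# Constructed list for this example; a production policy would follow a
# published baseline rather than this hand-picked set.
WEAK_TOKENS = ("RC4", "MD5", "NULL", "EXPORT", "DES-CBC", "3DES", "ADH", "AECDH")


def hardened_context():
    """Client-side TLS context: peer certificate verification on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()  # loads CA store, verify_mode=CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and TLS 1.1
    return ctx


def weak_ciphers(ctx):
    """Names of enabled cipher suites that contain one of the weak tokens."""
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if any(tok in c["name"].upper() for tok in WEAK_TOKENS)
    ]


def policy_findings(ctx):
    """Return a list of human-readable policy violations; empty means compliant."""
    findings = []
    # TLSVersion is an IntEnum, so version comparison is numeric.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    findings.extend(f"weak cipher enabled: {name}" for name in weak_ciphers(ctx))
    return findings


if __name__ == "__main__":
    ctx = hardened_context()
    print("enabled suites:", [c["name"] for c in ctx.get_ciphers()])
    print("findings:", policy_findings(ctx) or "none")
```

The audit runs against the context object, so it can be applied in a unit test to every outbound HTTPS client the platform configures; an external scanner such as the public tests the page mentions checks the same properties from the network side of the server.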

Encryption at Rest

Client data is encrypted at rest using a key management system that allows us to rotate the keys used to encrypt these volumes on a regular basis. Backups are also stored encrypted at rest, meaning your data is never held in cleartext at rest.

Security Assessments

FundApps' platform and code are tested for vulnerabilities by CREST-accredited third parties, as well as through continuous automated application security tools.

Intrusion Detection and Mitigation

FundApps implements intrusion detection capabilities coupled with a 24/7 SOC, so we can detect and react to any threat at any time.


Access Control

FundApps enforces several layers of access control.

Authentication

The FundApps platform allows clients to integrate their single sign-on (SSO) solution, automating provisioning and deprovisioning of user access and giving their users a transparent authentication process. Alternatively, clients may use multi-factor authentication.

Authorisation

The FundApps platform implements authorisation based on different roles. These roles allow permissions in the platform to be matched to our clients' users' job functions, following the principle of least privilege.

Network Access Control

FundApps can provide further access control by applying IP restrictions to client environments, preventing access from networks other than those specified by the client. These restrictions operate before any authentication to the system and prevent any request from reaching the application at all.
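The ordering described in the Authorisation and Network Access Control sections above (network allowlist first, then authentication, then role-based permission checks) is easiest to reason about as a request pipeline. The following is an added example, not FundApps' own code; the client names, IP ranges, roles and permission strings are constructed for illustration, and a client with no allowlist entry is modelled as having no IP restriction configured, while an empty allowlist denies every network.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Per-client IP allowlists, enforced before authentication. Constructed sample values.
# A missing entry means the client has not opted into IP restrictions.
CLIENT_ALLOWLISTS = {
    "client-a": [ipaddress.ip_network("203.0.113.0/24")],
    "client-b": [ipaddress.ip_network("198.51.100.10/32"),
                 ipaddress.ip_network("2001:db8::/32")],
    "client-locked": [],  # empty list: deny all networks
}

# Role -> permission mapping. Each role carries only what the job function needs
# (least privilege). Constructed sample roles and permission names.
ROLE_PERMISSIONS = {
    "viewer": {"results:read"},
    "analyst": {"results:read", "rules:read"},
    "admin": {"results:read", "rules:read", "rules:write", "users:manage"},
}


@dataclass
class Request:
    client: str
    source_ip: str
    user: Optional[str]   # None: no credentials presented
    role: Optional[str]   # role asserted by the identity provider after login
    action: str           # permission the request needs, e.g. "rules:write"


@dataclass
class Decision:
    status: int   # 0 means the request never reached the application
    stage: str    # pipeline stage that produced the decision


def network_allowed(req):
    """Network layer: accept only source addresses inside the client's allowlist."""
    nets = CLIENT_ALLOWLISTS.get(req.client)
    if nets is None:
        return True  # no restriction configured for this client
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return False  # unparsable address is treated as not allowed
    return any(ip in net for net in nets)


def authenticated(req):
    """Authentication layer: credentials present and mapped to a known role."""
    return req.user is not None and req.role in ROLE_PERMISSIONS


def authorised(req):
    """Authorisation layer: the role's permission set must include the action."""
    return req.action in ROLE_PERMISSIONS.get(req.role, set())


def handle(req):
    """Evaluate the layers in order; the first failing layer decides."""
    if not network_allowed(req):
        # Dropped at the edge: no HTTP response and no authentication attempt.
        return Decision(0, "network")
    if not authenticated(req):
        return Decision(401, "authentication")
    if not authorised(req):
        return Decision(403, "authorisation")
    return Decision(200, "ok")


if __name__ == "__main__":
    print(handle(Request("client-a", "203.0.113.7", "alice", "viewer", "results:read")))
    print(handle(Request("client-a", "192.0.2.1", "alice", "admin", "users:manage")))
```

The second call in the usage block shows the property the page stresses: a valid admin from an unlisted network is stopped at the network stage, and the authentication and authorisation code never runs for that request.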

Client Segregation

Client data is hosted in client-specific environments to ensure there is no risk of data commingling.


Resilience

Our infrastructure stack is designed around two primary failure modes: failover and disaster recovery.

Failover is handled entirely within a single geographic region (Ireland) using a highly available primary environment. In this primary environment, data is replicated synchronously and spread across several data centres, each of which has discrete power and internet connectivity.

Disaster recovery is provided from a secondary geographic region (Germany); this mode is intended to meet a 4 hour RTO (Recovery Time Objective) in case of total loss or failure of the primary environment. This capability is tested annually to ensure the RTO can be met.


Compliance

FundApps - ISO 27001

FundApps' security controls were reviewed by a third-party auditor, which issued an ISO 27001:2013 certification.

FundApps - SOC 2

A third party validates the suitability and effectiveness of all of FundApps' security controls. Reports are available on request.

FundApps - STAR Registrant

FundApps is a STAR registrant for the Cloud Security Alliance (CSA). This allows clients and prospects to see for themselves how FundApps complies with cloud security good practices.

FundApps - Privacy Policy

FundApps complies with data protection regulations such as GDPR as described in its privacy policy.

Amazon Web Services

FundApps hosts its platform in Amazon Web Services’ infrastructure within the European Union. AWS holds multiple industry standard certifications relating to security and availability.


Responsible Disclosure

FundApps works to continuously review and improve its platform's security. If you believe you have discovered a vulnerability in any of FundApps' systems, please get in touch at security@fundapps.co. We ask that you do not publicly disclose the issue, at least until we have had a chance to address it. Our PGP key is available for download in case you need to encrypt communications with us.

