Security
At FundApps we believe that trust is paramount to our business. We want our clients to trust us so that we can deliver the best service to them and we need our providers to be trustworthy so that we can use their services confidently.
Security is the key element that builds that trust.
It is the security features in a banknote that allow a shop owner to trust the piece of paper you have given them in exchange for some groceries. This is why we have baked security into each of our processes, creating a robust and effective control environment that is reviewed annually through a SOC 2 attestation. The sections below describe the key security features built into our platform. For more information please get in touch.
Data Security
Encryption in Transit
All client data sent to or generated inside our platform follows an encrypted data lifecycle, and all interactions with the system occur over an encrypted protocol: HTTP over TLS (HTTPS). We keep the TLS cipher suites accepted for HTTPS in line with industry standards and regularly run external tests to verify this; the results of these tests are publicly available. Once data enters our platform it remains encrypted in transit throughout our networks.
Encryption at Rest
Client data is encrypted at rest using a key management system that allows us to rotate the keys used to encrypt these volumes on a regular basis. Backups are also stored encrypted at rest, meaning your data is never available in cleartext.
Security Assessments
FundApps’ platform and code are tested for vulnerabilities by CREST-accredited third parties, as well as through continuous automated application security tooling.
Intrusion Detection and Mitigation
FundApps implements intrusion detection capabilities coupled with a 24/7 SOC, so we can detect and react to any threat at any time.
Access Control
FundApps enforces several layers of access control.
Authentication
The FundApps platform allows clients to integrate their single sign-on (SSO) solution, automating the provisioning and deprovisioning of user access and giving their users a transparent authentication process. Alternatively, clients may use multi-factor authentication.
Authorisation
The FundApps platform implements role-based authorisation. These roles allow permissions in the platform to be matched to the job functions of our clients’ users, following the principle of least privilege.
Network Access Control
FundApps can provide further access control by applying IP restrictions to client environments, preventing access from any network other than those specified by the client. These restrictions are enforced before any authentication to the system and stop requests from reaching the application at all.
Client Segregation
Client data is hosted in client-specific environments to ensure there is no risk of data commingling.
Resilience
Our infrastructure stack is designed to handle two primary failure scenarios: failover and disaster recovery.
Failover is handled entirely within a single geographic region (Ireland) using a highly available primary environment. In this primary environment, data is replicated synchronously and spread across several data centres, each of which has discrete power and internet connectivity.
Disaster recovery is provided from a secondary geographic region (Germany). This mode is intended to meet a 4 hour RTO (Recovery Time Objective) in case of total loss or failure of the primary environment. The capability is tested annually to ensure the RTO can be met.
Compliance
FundApps - ISO 27001
FundApps’ security controls were reviewed by a third-party auditor, which issued an ISO 27001:2013 certification.
FundApps - SOC 2
A third party validates the suitability and operating effectiveness of all of FundApps’ security controls. Reports are available on request.
FundApps - STAR Registrant
FundApps is a registrant in the Cloud Security Alliance (CSA) STAR registry. This allows clients and prospects to see for themselves how FundApps complies with cloud security good practice.
FundApps - Privacy Policy
FundApps complies with data protection regulations such as GDPR as described in its privacy policy.
Amazon Web Services
FundApps hosts its platform in Amazon Web Services’ infrastructure within the European Union. AWS holds multiple industry standard certifications relating to security and availability.
Responsible Disclosure
FundApps works to continuously review and improve the security of its platform. If you believe you have discovered a vulnerability in any of FundApps’ systems, please get in touch at security@fundapps.co. We ask that you do not publicly disclose the issue until we have had a chance to address it. Our PGP key is available for download should you need to encrypt your communications with us.