# Scope

The ISMS applies to all services which FundApps delivers to its clients. It also applies to the information assets, processes, teams and external service providers which FundApps relies on to provide these services.

### Services provided <a href="#services-provided" id="services-provided"></a>

FundApps provides the following services:

**Shareholding Disclosure**

FundApps’ Shareholding Disclosure service monitors disclosure requirements for major shareholding, short selling and takeover panels. Position data is uploaded daily and users are alerted to new disclosures. Disclosures are made on time without mistakes.

**Position Limits**

FundApps' Position Limits service simplifies the process of monitoring position limits on derivative contracts which are imposed by exchanges across the globe as well as regulators (e.g. CFTC, ESMA via MiFID II). Our service informs our clients on where their positions are versus applicable limits and acts as an early warning system.

**Sensitive Industries**

FundApps simplifies the process of monitoring sensitive industries investment and foreign ownership. Position data is uploaded daily and users are alerted to pre-approval warnings, notifications for disclosure obligations and hard stop breaches.

**Filing Manager**

Filing Manager automates the disclosure process for short selling reporting. It uses the client-provided data and provides a fully audited service to file for the client. It identifies disclosures for short positions once the position file runs and prepares them to be submitted to the relevant regulator.

**Annex IV reporting**

AIFMD Annex IV reporting requires detailed disclosures on investor data, risk exposures, liquidity, and financing to enhance transparency in the alternative investment space. We automate data aggregation, centralise workflows, and provide full calculation visibility at every stage.

**Sanctions Monitoring**

FundApps’ Sanctions Monitoring checks portfolios against global sanctions lists, including OFAC and EU/UK lists.

**Filing Form PF**

FundApps automates data aggregation, provides a platform for compliance to make adjustments, and validates every field against the SEC’s technical requirements.

**Poison Pill Monitoring**

FundApps’ Poison Pills Monitoring service helps clients identify whether any holdings are associated with poison pill provisions.

**Investment Monitoring**

FundApps' Investment Monitoring allows clients to apply internal, prospectus, and mandate rules within the FundApps platform using templated rules.

**UCITS and AIFMD Monitoring**

The service provides automated, rule-based monitoring aligned with two of Europe’s most important regulatory frameworks. Nearly 50 rules are captured across both frameworks covering the following rule categories.

### People <a href="#people" id="people"></a>

The FundApps departments within the scope of the ISMS are:

* **Client Services** – On-board clients and assist them throughout their experience with our software.
* **Regulatory** – Help to ensure rules correctly mirror current regulations.
* **Operations** – Team responsible for FundApps finances, legal matters, employer brand, recruitment and onboarding through to development, reward and recognition.
* **Product** – Design and develop products to achieve the company’s objectives.
* **Engineering** – Manage and maintain system architecture and design for all hosted clients.
* **Revenue** – Attract new business through partnerships, marketing, business development, closing deals with sales or retaining revenue with account management.

At a high level, the following executives and teams support FundApps’ processes and services:

* **CEO** – Assigns authority and responsibility for operating activities and reporting relationships. FundApps’ CEO defines and communicates the company’s objectives.
* **CFO** – Responsible for managing a company's financial actions, including tracking cash flow, financial planning, and analysing financial strengths and weaknesses, while serving as a strategic partner to the CEO to drive growth.
* **Head of Client Services** – Takes the lead in owning FundApps’ client portfolio and drives cross-team collaboration to support FundApps’ objectives.
* **Chief Product Officer** – Accountable for all product management and content team activities globally.
* **Chief Technology Officer** – Provides direction and decision making on what technologies to use, the architecture of the platforms and best technical practices to follow.
* **Chief People Officer** – Reporting directly to the CEO, the head of People Operations smooths the next phase in growth as FundApps scales.
* **Head of Information Security** – Responsible for managing Information Security, Cyber Security and Business Continuity risks potentially impacting FundApps.

### Offices <a href="#offices" id="offices"></a>

FundApps operates out of three offices:

* 18th Floor, HYLO, 105 Bunhill Row, London, EC1Y 8LZ, United Kingdom
* 276 5th Ave, Suite 502-503, New York, NY 10001
* \#13-135, 71 Robinson Road, 068895, Singapore

### Infrastructure

FundApps services make use of a resilient infrastructure hosted in Amazon Web Services (“AWS”) and designed to address a range of adverse scenarios such as:

* Single or multiple data centres (but not all data centres) fail within an AWS region;
* Data loss or database corruption;
* Breaking changes;
* Insufficient capacity;
* Misconfigurations.

These adverse scenarios are addressed through high availability and disaster recovery capabilities. High availability is achieved through highly redundant networking and compute and data storage distributed across availability zones within an AWS region (Europe (Ireland)).

Availability Zones consist of one or more discrete data centres, each with redundant power, networking, and connectivity, housed in separate facilities.

The user interface, the API, the compute, and the data storage for client positions use a multi-site active/active strategy. The data storage for client results uses a warm standby strategy.

Disaster recovery is achieved through the use of one or several of these capabilities:

* Automated backups stored in multiple data centres across two different AWS regions (Europe (Ireland) and Europe (Frankfurt));
* Restoring data from backup to a database in the same or a different data centre within an AWS region (Europe (Ireland));
* Redeploying the last known good version of the platform's software.

FundApps’ disaster recovery process is intended to meet a 4-hour RTO (Recovery Time Objective) and a 30-minute RPO (Recovery Point Objective). FundApps tests various scenarios impacting availability and the results of these tests are published in the Policy Portal.

### Software and Tools <a href="#software" id="software"></a>

FundApps relies on various applications, tools, and infrastructure components to support its information security management system.

FundApps' platform consists of software that supports its applications, including software for our build pipeline, deployment tools used to deploy to AWS environments, and automation software for managing cloud infrastructure changes.

In addition, FundApps utilises systems for:

* Identity and Access Management to control authentication and authorisation.
* Development and Change Management to track and manage software changes securely.
* Security Monitoring and Threat Detection to protect against, detect, and respond to security threats.
* Communication and Collaboration to facilitate internal and external information sharing.
* Customer Support and Relationship Management to manage client interactions and service requests.

FundApps ensures that all business-critical applications and tools within the ISMS scope are assessed for security risks, aligned with industry best practices, and regularly reviewed to maintain compliance with ISO 27001. A current list of subprocessors is maintained in our [Privacy Policy](https://www.fundapps.co/privacy-policy).

