# Information Transfer Policy ## Objective The purpose of this policy is to define the way in which FundApps maintains the security of information transferred within FundApps and with any external entity. ## Scope This policy applies to all FundApps Information Systems. ## Policy Information transferred within FundApps as well as with external entities must comply with the rules set out in the Transmission section of the [Data Classification and Protection Standard](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/data-classification.md#classification-and-protection-guidance), as well as the [Acceptable Use section of the Employee guide](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/infosec/index.md#acceptable-use). Information must be transmitted through FundApps Information Systems (which include the FundApps managed email system). Exceptions to this requirement must be validated by the Head of Information Security, the CTO or the CEO. Information transmitted to FundApps through email must be scanned for malware before being downloaded by end users. Endpoint Detection and Response tools must be deployed to all FundApps devices in order to detect and respond to any malware which may have been transferred to FundApps devices. Information transferred must be cryptographically encrypted in line with the [Cryptographic Policy](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/infosec/cryptographic-policy.md). Information protected by a strict ACL (Access Control List) must be transferred in a way which continues to guarantee the ACL is maintained. For example, one should share the link to the information system the information is maintained in, rather than the information itself. Sensitive information must not be shared over the phone in public places. ### Transferring information with clients When transferring sensitive information with clients, usage of FundApps' platform API or User Interface should be privileged. Sending the information through email as an encrypted password protected attachment is an acceptable alternative. Upon contract termination, the client may require for FundApps to send information stored in the FundApps platform. The transfer of this information must be made in adherence with any relevant clause in the client contract and the requirements set out in this policy. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://policies.fundapps.co/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/infosec/information-transfer-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.