Business Continuity Management System
Overview
Our clients include high-profile companies with high availability and service expectations. It is therefore vital that FundApps maintain service and, in the event of disruption, are able to effectively manage the incident and communicate with all key interested parties.
Any loss of service from the data centres or our key services will impact the reputation of FundApps, result in loss of revenue through service credits and other compensations, and potentially damage FundApps irreparably in the marketplace.
NOTE: This document describes the management systems framework intended for compliance with ISO 22301. It is designed to provide some documentation that is needed by ISO 22301, with pointers to the other key documents, and is aligned in structure to ISO 22301 for ease of assessing compliance.
Scope
The scope of the Business Continuity Management System includes:
The following locations:
FundApps offices (London, GB; New York, USA; Singapore, Singapore)
Amazon data centres in:
Dublin
Frankfurt
Included in the scope are all FundApps staff and any key contractors working on behalf of FundApps
All data centre provision and hardware operations are outsourced to Amazon Web Services. FundApps do not have cause to visit these locations. All data centre staff and operations are outside the scope. All of FundApps’ products and services are within scope.
Leadership
Top management commitment
Top management commitment is demonstrated through the policy endorsed by the management team including Andrew White, CEO, Toby O'Rourke, CTO, and the participation of the top management team in the Crisis Management Team and their active involvement in the associated exercising alongside operational teams.
Management commitment
Management commitment is shown by:
Policy and objectives endorsed by the CEO;
Integration of business continuity into the FundApps process model;
Promoting the improvement of the existing business continuity provisions to meet good practice as now recognized in ISO 22301;
Committing all business areas to supporting business continuity development;
Participation of management in the BIA process and encouraging relevant team members to contribute too;
Participation of management, deputies and team members in exercising at business unit level.
As part of establishing the BCMS the following has been undertaken:
Establishing roles, responsibilities and competencies and associated training programme;
Defining acceptable risk;
Establishing internal audit procedures and programme;
Establishing management review processes that monitor the effectiveness of the BCMS;
Demonstrating continual improvement.
Staff welfare
Following a disruptive incident, our highest priority is staff welfare, so they are safe and able to address the other matters arising from the incident.
This includes ensuring safe evacuation from affected premises, safe containment within affected premises, ensuring that staff are paid in a timely manner, and managing all issues arising from disruptive incidents that directly impact on staff.
Awareness of the BCMS
FundApps’s management team have experience from other organisations that promoted an awareness of the need for business continuity and consequently the resilience of the service has always been a key consideration. This has been reinforced by some planned activities such as moving office, recent transport strikes and planned maintenance in the data centre requiring a planned failover to the alternate data centre. All such events are recorded within the BCMS.
Needs and expectations of interested parties
FundApps considered all potential interested parties and referred to Figure 2 to ensure comprehensive coverage.
FundApps’s key interested parties include:
FundApps’ shareholders – FundApps is a privately held company and not quoted on the LSE or elsewhere;
FundApps’ staff;
FundApps’ clients;
Financial Services regulators who preside over the activities of FundApps’ clients.
Media handling
Media handling is undertaken directly by the CEO. Further media handling during an incident is undertaken within the Crisis Management process, with specific guidance in the Crisis Management Plan.
Neighbours
Neighbours’ activities have been considered as part of the risk assessment, in order to identify any areas where neighbours’ activities may pose risks to FundApps operations. FundApps have liaised with the landlord’s agents and other building occupants regarding business continuity issues, in particular rehearsing evacuation procedures, sharing information and liaising with the emergency services.
Emergency services
Emergency services will in most circumstances deal with the landlords – i.e. the hosting provider at the data centres and the landlord’s agents at FundApps office. In some circumstances, FundApps may specifically be contacted, and one such circumstance was explored during the 2014 Crisis Management exercise, which required working with the Ambulance, Police and HPA.
FundApps Staff
FundApps’s staff have expectations that FundApps will continue to employ them and treat them fairly with due care in the event of a disruptive incident.
All staff are required to provide emergency contact details and these are held in our internal portal, providing a means of contacting staff outside of the normal channels and allowing FundApps to provide information to the emergency services should the need arise.
Pressure groups
FundApps have not been specifically targeted by pressure groups but are aware that they and their clients may be targeted due to the general discontent with financial services firms following the financial crisis. This is specifically reviewed as part of the business continuity risk assessment and is under constant review as part of the maintenance and enhancement of the ISMS.
Compliance with relevant laws & regulations
FundApps complies with all applicable UK laws, including the Health and Safety at Work Act 1974, and these are detailed in the ISMS. FundApps have no specific legal and regulatory obligations to implement business continuity management. This is reviewed annually as part of the overall BCMS review. This review is a simple process:
Identify any key changes to legislation that may apply to FundApps;
Review new clients or changes to existing clients’ business to determine if there are any legal and regulatory requirements on them that may imply new or changed requirements on FundApps;
Any issues that arise are included as non-conformities within the BCMS where they will be assigned ownership and resolved.
FundApps Clients
New clients’ legal and regulatory requirements are always considered during the sales process.
FundApps’ target clients are Financial Services Firms who have advanced business continuity programmes including There is an expectation in clients that FundApps will have business continuity management in place, this forming an implicit or explicit part of the contractual relationship with the clients.
Clients are responsible for the IT DR relating to their services. FundApps offer and will build resilient services with appropriate IT DR. A plan has been lodged with FundApps within its BCMS. FundApps are therefore contractually obligated to enact these when a major incident occurs. Clients therefore have a reasonable expectation that FundApps have the capacity and capability to do this.
Shareholders
FundApps’s shareholders have a reasonable expectation that the company will continue to operate and make returns on capital. Consequently, ensuring that unexpected and difficult incidents are managed effectively is an implied requirement on FundApps of their financial backers.