LogoLogo
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
  • Welcome to FundApps' Policy Portal
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan for a 3 year cycle
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
      • Cryptographic Policy
      • Information Security in Project Management
      • Information Transfer Policy
      • Third Party Risk Management
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
      • The FundApps Code for Third Parties
  • Legal Information
    • 📖General Terms
      • Fair Usage Policy
      • Third Party Data Provider Terms
    • DORA
      • Operational Resilience Statement
      • Statement on Contractual Compliance
      • Subcontractors and Service Location
      • Threat-Led Penetration Tests (TLPT) Policy
    • Insurance
    • 🌍Carbon Neutral
  • Policy Change Log
    • March 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • August 2024
    • July 2024
    • June 2024
    • April 2024
    • February 2024
    • January 2024
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • June 2023
    • February 2023
    • December 2022
    • October 2022
    • September 2022
    • June 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • August 2021
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page
  • Services provided
  • People
  • Offices
  • Infrastructure
  • Software and Tools

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Management System

Scope

The ISMS applies to the shareholding disclosure, position limits, sensitive industries, annex IV reporting and Filing Manager services, which FundApps delivers to its clients. It also applies to the information assets, processes, teams and external service providers which FundApps relies on to provide these services.

Services provided

FundApps’ five main services provided are:

Shareholding Disclosure

FundApps’ Shareholding Disclosure service monitors disclosure requirements for major shareholding, short selling and takeover panels. Position data is uploaded daily and users are alerted to new disclosures. Disclosures are made on time without mistakes.

Position Limits

FundApps' Position Limits service simplifies the process of monitoring position limits on derivative contracts which are imposed by exchanges across the globe as well as regulators (e.g. CFTC, ESMA via MiFID II). Our service informs our clients on where their positions are versus applicable limits and acts as an early warning system.

Sensitive Industries

FundApps simplifies the process of monitoring sensitive industries investment and foreign ownership. Position data is uploaded daily and users are alerted to pre-approval warnings, notifications for disclosure obligations and hard stop breaches.

Filing Manager

Filing Manager automates the disclosure process for short selling reporting. It uses the client-provided data and provides a fully audited service to file for the client. It identifies disclosures for short positions once the position file runs and prepares them to be submitted to the relevant regulator.

Annex IV reporting

AIFMD Annex IV reporting requires detailed disclosures on investor data, risk exposures, liquidity, and financing to enhance transparency in the alternative investment space. We automate data aggregation, centralise workflows, and provide full calculation visibility at every stage.

People

The FundApps departments within the scope of the ISMS are:

  • Client Services – On-board clients and assist them throughout their experience with our software.

  • Regulatory team– Help to ensure rules correctly mirror current regulation.

  • Finance – Manage FundApps’ budget, cash flow, tax planning and record keeping.

  • People Operations – Team responsible for employer brand, recruitment and on-boarding through to development, reward and recognition.

  • Product – Design and develop products to achieve the company’s objectives.

  • Engineering – Manage and maintain system architecture and design for all hosted clients.

At a high level, the following executives and teams support FundApps’ processes and services:

  • CEO – Assigns authority and responsibility for operating activities and reporting relationships. FundApps’ CEO defines and communicates the company’s objectives.

  • Global Head of Client Services – Takes the lead in owning FundApps client portfolio and drive cross-team collaboration to support FundApps’ objectives.

  • Chief Product Officer – Accountable for all product management and content team activities globally.

  • Chief Technology Officer – Provides direction and decision making on what technologies to use, the architecture of the platforms and best technical practices to follow.

  • Chief Revenue Officer– Accountable for all sales activities within the region and as the People Leader for the Regional Sales team.

  • Head of People – Reporting directly to the CEO, the head of People Operations smooths the next phase in growth as FundApps scales.

  • Head of Information Security – Responsible for managing Information Security, Cyber Security and Business Continuity risks potentially impacting FundApps.

Offices

FundApps operates out of three offices:

  • 18th Floor, HYLO, 105 Bunhill Row, London, EC1Y 8LZ, United Kingdom

  • 276 5th Ave, Suite 808, New York, NY 10001

  • #13-135, 71 Robinson Road, 068895, Singapore

Infrastructure

FundApps services make use of a resilient infrastructure, which is hosted within multiple data centres (availability zones) and regions operated by Amazon Web Services. There are two environments with a primary environment made up of three data centres within a single geographic region, from which the service is provided in normal operation. There is also a secondary environment in an alternate geographic region, which is used in case the primary environment is unavailable. Each of the three data centres within the primary environment have discrete power and Internet connectivity. FundApps’ primary environment is designed to continue to provide its service should two of the three centres suffer concomitant failures. Should the whole primary environment fail, FundApps has procedures to recover its service in the secondary environment. The critical components of this highly available infrastructure include:

  • Proxy servers, which filter inbound traffic and route them to the correct service;

  • Serverless computing elements and containers which perform apply rule sets analysis of FundApps clients’ financial positions and provide clients with a web user interface and an application programming interface (API); and

  • Databases, which store the results of this analysis, as well as objects and events related to client environments.

Software and Tools

FundApps relies on various applications, tools, and infrastructure components to support its information security management system.

FundApps' platform consists of software that supports its applications, including software for our build pipeline, deployment tools used to deploy to AWS environments, and automation software for managing cloud infrastructure changes.

In addition, FundApps utilises systems for:

  • Identity and Access Management to control authentication and authorisation.

  • Development and Change Management to track and manage software changes securely.

  • Security Monitoring and Threat Detection to protect against, detect, and respond to security threats.

  • Communication and Collaboration to facilitate internal and external information sharing.

  • Customer Support and Relationship Management to manage client interactions and service requests.

FundApps ensures that all business-critical applications and tools within the ISMS scope are assessed for security risks, aligned with industry best practices, and regularly reviewed to maintain compliance with ISO 27001. A current list of subprocessors is maintained in our Privacy Policy.

PreviousInformation Security Management PolicyNextStatement of Applicability

Last updated 1 day ago

Was this helpful?