LogoLogo
Current Version
Current Version
  • Welcome to FundApps' Policy Portal
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan for a 3 year cycle
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
      • Cryptographic Policy
      • Information Security in Project Management
      • Information Transfer Policy
      • Third Party Risk Management
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
      • The FundApps Code for Third Parties
  • Legal Information
    • 📖General Terms
      • Fair Usage Policy
      • Third Party Data Provider Terms
    • DORA
      • Operational Resilience Statement
      • Statement on Contractual Compliance
      • Subcontractors and Service Location
      • Threat-Led Penetration Tests (TLPT) Policy
    • 📃Insurance
    • 🌍Carbon Neutral
  • 🤖AI
    • 💬FundApps Assistant (Intercom)
  • Policy Change Log
    • May 2025
    • March 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • August 2024
    • July 2024
    • June 2024
    • April 2024
    • February 2024
    • January 2024
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • June 2023
    • February 2023
    • December 2022
    • October 2022
    • September 2022
    • June 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • August 2021
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page
  • Objective
  • Scope
  • Policy
  • Transferring information with clients

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Policies

Information Transfer Policy

PreviousInformation Security in Project ManagementNextThird Party Risk Management

Last updated 1 year ago

Was this helpful?

Objective

The purpose of this policy is to define the way in which FundApps maintains the security of information transferred within FundApps and with any external entity.

Scope

This policy applies to all FundApps Information Systems.

Policy

Information transferred within FundApps as well as with external entities must comply with the rules set out in the Transmission section of the , as well as the .

Information must be transmitted through FundApps Information Systems (which include the FundApps managed email system). Exceptions to this requirement must be validated by the Head of Information Security, the CTO or the CEO.

Information transmitted to FundApps through email must be scanned for malware before being downloaded by end users.

Endpoint Detection and Response tools must be deployed to all FundApps devices in order to detect and respond to any malware which may have been transferred to FundApps devices.

Information transferred must be cryptographically encrypted in line with the .

Information protected by a strict ACL (Access Control List) must be transferred in a way which continues to guarantee the ACL is maintained. For example, one should share the link to the information system the information is maintained in, rather than the information itself.

Sensitive information must not be shared over the phone in public places.

Transferring information with clients

When transferring sensitive information with clients, usage of FundApps' platform API or User Interface should be privileged. Sending the information through email as an encrypted password protected attachment is an acceptable alternative.

Upon contract termination, the client may require for FundApps to send information stored in the FundApps platform. The transfer of this information must be made in adherence with any relevant clause in the client contract and the requirements set out in this policy.

Cryptographic Policy
Data Classification and Protection Standard
Acceptable Use section of the Employee guide