Technical & Platform Overview
This document provides an introduction to FundApps' shareholding disclosure service and its platform. FundApps provides shareholding disclosure monitoring services via a hosted web application delivered from FundApps-controlled infrastructure in secure and strictly controlled hosting environments. We maintain the software, continuously updating it with the latest software enhancements and legislative content updates.
FundApps' web application works on a batch processing model; position data is uploaded to the system and processed in the background. Typically clients implement an automated upload job from their systems to the API endpoints provided by FundApps to receive this data. Documentation of our API and example implementations are publicly available.
Users of the system may choose to receive notification e-mails letting them know when this process has concluded, and results are available inside the system. Users use a browser-based user interface to view the results of running the batch job and follow a workflow inside the software to investigate any results and file disclosures. Historical data from checks is retained within the system to provide a timeline of results and to facilitate the correct calculation of disclosure requirements.
FundApps' web application is kept constantly up to date with the latest enhancements and fixes. We continuously deliver changes from development and content teams to client production environments. To support this activity, we follow a best-practice development approach employing test-driven development, pair programming and code review to reduce risk and improve software quality.
Every change to our software and rule content is run through an ever-growing test suite to ensure a minimal amount of risk in this continuous update process. Security considerations are built into our software lifecycle; we identify work items early on that have security implications. We conduct an annual penetration test and supply our clients with the report and a remediation plan.
Deployment of changes to our software is a fully automated and hands-off process.
The FundApps platform is hosted in Amazon Web Services datacentres located in Dublin, Ireland and Frankfurt, Germany. With control over both software and infrastructure, FundApps is able to deliver best-in-class availability and security. The principle of least privilege is applied throughout, at the network, system and software levels, to tightly control the availability of data and reduce the potential for security breaches.
All client data sent to or generated inside our platform follows an encrypted data lifecycle and all interactions with the system occur over an encrypted protocol: Secure HTTP (HTTPS). FundApps keeps supported cipher suites for the SSL encryption used for HTTPS in line with industry standards and regularly runs external tests to verify this. The results of these tests are publicly available on the internet. Once data enters our platform it remains encrypted in transit throughout our networks.
On our AWS infrastructure, this data is subsequently encrypted at rest using a key management system which allows us to rotate the keys used for the encryption of these volumes on a regular basis. Backups are also stored encrypted at rest, meaning data is never available in cleartext.
FundApps' web application enforces several layers of access control.
Authentication: Our software allows clients to either use a single-factor authentication mechanism, the native multi-factor authentication mechanism or to integrate the platform with their Single-Sign-On.
Authorisation: Our software implements different authorisations based on roles which are described here. These roles allow us to match permissions in our software with different users' job functions.
Network access control: FundApps is able to provide further access control by applying IP restrictions to client environments, preventing access from networks other than those of the client site. These restrictions operate before any authentication to the system and prevent any requests being made to the application at all.
Client Segregation: Individual client environments are isolated at the infrastructure level using separate databases, web and engine instances.
Access Control Audit Trail: A complete audit trail is visible inside the application and allows tracking of all operations taken inside the system, along with user access events. This auditing includes any support activities performed by FundApps staff.
Our platform is hosted in facilities with top-grade physical security; we host entirely within the EU with Amazon Web Services (AWS). AWS hold industry standard certifications relating to security and availability, including but not limited to ISO 9001, 27001 and SOC I, II certifications. Full details of the certification activities undertaken by our hosting partner are available via AWS compliance.
We ship all log events generated on the platform to a central store for audit, reporting and alerting activity. Direct access to production systems is strictly restricted to key personnel with a direct operational need, and these accesses are reviewed on a monthly basis.
We have automated monitoring of critical conditions for both infrastructure and software in the platform. These conditions create alerts following escalation policies and where necessary alert operators on a 24/7 basis to preserve the integrity and availability of the platform.
Furthermore, FundApps uses a 24/7 Security Operation Centre (SOC) to detect and respond to security alerts.
Application performance and infrastructure metrics are used for capacity planning and platform management, ensuring there is always sufficient capacity available across the platform to satisfy all demands.
For our platform's technical resilience please go to this page.