User Access
We recommend that clients implement the following processes to manage access to FundApps’ platform:
Provisioning processes to ensure users granted access to the FundApps platform are authorised to do so and are provided with the adequate role and scope.
De-provisioning processes, to ensure users who are no longer authorised to the FundApps platform have their accesses revoked in a timely fashion.
Regular access reviews ensure there haven’t been any exceptions to the two previous processes, that all accesses are still required (e.g., all users have logged in to the FundApps platform in a recent time period), and that they are still adequate in terms of privileges and scope.
The privileges granted to each role in the FundApps platform are listed in this article.
Sharing Files & Screenshots
In your e-mail correspondence with FundApps, please do not attach confidential information such as entire upload files used in your FundApps production environment or passwords. If in doubt, please consult us beforehand.
Additionally, to protect confidential information, please make sure that you mask sensitive information in screenshots (e.g., ISIN, Quantity held, % holding). Please do not share security identifiers (e.g., instrument names, issuer names) but instead provide us with IDs. These are more specific and do not expose security or asset-level information.
IP Restrictions
If you have decided to apply IP restrictions to your FundApps environment, please inform us of any changes to your production and Disaster Recovery IPs. Failing to do so could impact the availability of the FundApps platform to your users.
Restricted Email Domains
As with IP restrictions, please inform us of any changes to the list of email domains to which your FundApps platform should be restricted.
Audit Trail
All actions that modify the application or its users, including data extraction or uploading and changes affecting rule-checking or disclosure processes, are logged to the audit trail (under Admin > Audit Trail).
Users who have been granted Administrator privileges can access this audit trail. In case of abnormal activity in the platform, these users can review or export these audit trails to identify abnormal behaviours.
Third-Party Security Assessment of FundApps
FundApps has selected the Cloud Security Alliance (CSA) STAR Self-Assessment to convey our current security practices. This questionnaire maps each of its 310 questions to 35 different security standards, including ISO 27001 and SOC 2. You can find FundApps self-assessment on the Cloud Security Alliance website and our Trust Portal.
Furthermore, FundApps holds a SOC 2 Type II Report and is also available at the above link.
Single Sign-On
FundApps recommends clients implement Single Sign-on to the FundApps platform for enhanced security and the best user experience for the client’s users.
This article provides instructions on how to set up Single Sign-On. If Single Sign-On isn’t a viable option, clients should implement two-factor authentication.