Security
At Fund Recs, security is embedded in everything we do, ensuring that our clients' data is protected at every layer. Our platform is designed with advanced security measures, allowing you to trust that your data is always safe and secure.
Compliance
At Fund Recs, we are fully compliant with industry standards and certifications, providing transparency and confidence in our security practices:
- ISO 27001:2013 Certified – Our security controls have been audited by a third party, and we hold the ISO 27001 certification.
- SOC 2 Type II – Our platform undergoes regular third-party audits to ensure the effectiveness of our security controls.
- Cloud Security Alliance STAR Registrant – We participate in the Cloud Security Alliance (CSA) program, enabling clients to verify our adherence to cloud security best practices.
Information Security
Encryption in Transit
All data sent to or from the Fund Recs platform is encrypted using Transport Layer Security (TLS) 1.2, ensuring secure communication across networks. Our web application is accessible exclusively over HTTPS, with encryption protocols regularly updated to meet industry standards. File transfers are permitted only over SFTP.
Encryption at Rest
Client data is stored using Amazon Web Services (AWS) infrastructure including RDS, Dynamo and S3, where all data at rest is encrypted with AES-256, a trusted encryption standard. All configurations (for example passwords) required by the Fund Recs web application are stored within secret manager and are encrypted at rest.
Encryption Keys
Encryption keys are created and managed using AWS KMS (Key Management Service). The key material is generated within hardware security modules (HSMs) managed by AWS KMS.
Proactive Threat Detection and Monitoring
Fund Recs employs advanced monitoring tools like AWS GuardDuty and a Security Information and Event Management (SIEM) system to detect, analyze, and respond to potential threats in real time. Our 24/7 monitoring ensures that any suspicious activity is addressed promptly, with automatic alerts to our security team through JIRA for immediate action.
User Access Controls
Authentication
Fund Recs supports Single Sign-On (SSO) via SAML, allowing our clients to enforce their own authentication policies seamlessly.
For added security, multi-factor authentication (MFA) is mandatory for all users, safeguarding access to the platform.
Password Policies
Strong password policies are enforced for Fund Recs web application users.
Role-Based Access
Access within the Fund Recs platform is controlled using custom Identity and Access Management (IAM) roles, ensuring that clients only have access to their specific data.
Network Access
Clients benefit from network-level access controls such as IP restrictions, ensuring that only authorized networks can access the platform.
Anti-Virus Scanning
All files uploaded by users are scanned for malicious content. Applications block the usage of a file if any malicious content is found.
Stability and Availability
High Availability and Disaster Recovery
Fund Recs' infrastructure is designed with resilience in mind. We have load balancing in place and automatic failover to multiple backup sites in the event of a disaster.
Data Segregation
Client data is stored in dedicated environments, with separate encryption keys for each client to prevent data overlap. This ensures that each client’s data remains isolated and secure.
Fund Recs SOC 2 Type 2 Compliant
Fund Recs System and Organization Controls (SOC) Type 2 Report is an independent third-party examination report that demonstrates how Fund Recs achieves key compliance controls and objectives. The purpose of the report is to help you and your auditors understand the Fund Recs controls established to support operations and compliance. Our SOC 2 Type 2 report is available on demand.
Fund Recs is ISO 27001:2013 certified
ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.
Data Encryption
Data is encrypted in transit and at rest. All data over the web is transmitted via HTTPS, a secure encryption protocol, and data is stored in encrypted format using 256-bit Advanced Encryption Standard (AES). All client data is fully segregated on separate database instances.
Enterprise Security
Fund Recs incorporates several enterprise-grade security features including:
- Multi-factor Authentication
- Single Sign-On (SSO) available
Penetration Testing
Fund Recs has regular penetration tests carried out by a certified independent vendor.