Fundipedia is backed by a team of technology experts, Asset Management industry veterans, and entrepreneurial builders. We’ve been helping the likes of Barclays, Prudential and M&G take control of their data since 2007.
Our innovative technology enables the user to disseminate and reconcile any type of data. This results in end-to-end control, as well as insights that drive smart business decisions, inspiring the confidence to meet regulatory requirements with ease.
Fundipedia is delivered via a web application built on top of the .NET Framework connecting to a SQL Server database. All components are hosted on the Microsoft Azure platform using Platform as a Service (PaaS) capabilities. The Azure platform offers global infrastructure to provide both safe and highly accessible data storage. We have the capability to scale up and out using our Azure hosting platform. These platforms are actively monitored, and can be configured to auto scale if required.
The following production environment systems are implemented to ensure high availability and help implement the concepts of redundancy, monitoring and failover:
- Data backup and recovery – all data is stored in the Azure platform using a dedicated SQL database with Azure storage. Data is backed up automatically using Azure services and can be restored point-in-time. The SQL databases are geo-replicated to the standby region in case of failover. All backups are configured for maximum retention.
- Load balancing – traffic is managed across several different servers to ensure continuity of service.
- Data replication – Data is replicated to a hot-standby secondary paired region. All traffic can be repointed to a secondary region quickly and seamlessly.
Only authorised Azure services can connect to the database. By default, data encryption at rest is enabled for the database and any associated backups and logs.
Throughout the development process, a range of best practice tools and techniques are employed to counter common application layer (layer 7) attacks (such as SQL injection, cross-site scripting attacks, and session hijacks). This includes:
- In-house and independently outsourced penetration testing on all new software releases
- Following best practice development coding standards with awareness of the OWASP framework
- No source code committed unless a senior developer has reviewed and approved the code
- Encryption of all sensitive data
All Fundipedia requests are routed through Cloudflare using HTTPS. Cloudflare provides in-built security by protecting against malicious activity like DDoS attacks, malicious bots, and other nefarious intrusions. In addition, Microsoft regularly performs penetration testing of the Azure environment, as they own and manage the hardware.
A formal disaster recovery policy is kept up to date. It aims to aid recovery as quickly and effectively as possible from an unforeseen disaster or emergency that could interrupt information systems and business operations. The policy is reviewed annually and tested frequently.
Fundipedia manages user authentication via dedicated OpenID Connect authentication, a protocol built on OAuth 2.0. Security controls can be configured within Fundipedia to meet client requirements (password length, frequency of change, etc.), but we prefer to use a single sign-on authenticator such as Azure AD or Ping, if possible.
User permissions are controlled by system administrators and set via user groups rather than individual users, using a user > group > access point permissions model. The model is flexible enough that a user can be granted read-only access to a subset of fields on, say, a Fund, and only for a subset of Fund records. Permissions can also be set to grant user access to specific areas of the system, e.g. the data validation configuration page or the import feeds page.
Our ISO 27001 accreditation affirms our ongoing commitment to privacy and security and confirms our controls are operating effectively. This strategy includes:
- Evaluating industry standards, assessments, and authorisations
- Targeting compliance with those that ensure a rigorous, flexible, and scalable security and privacy strategy
- Holding Cyber Essentials (and Plus) accreditation