Security at FA Solutions

Security at FA Solutions

FA Solutions provides a single cloud-based platform for running our clients’ entire Asset & Investment management business. We deliver our services to a wide range of clients within the financial sector. The platform is utilised by fund managers, family offices, private equity firms and institutional investors. As of 2022, approximately 100 billion euros is managed in the FA  platform. Many of FA’s clients are considered as important to society.

As a financial services provider to multiple clients, maintaining our credibility is closely tied to providing a secure and stable platform for investors. Protecting our clients’ data is of the utmost concern for maintaining the flawless reputation of our asset management platform. This is why we are committed to ensuring the security and integrity of our clients’ data.

The Security Organisation in FA

FA has dedicated personnel working with information security. The security organisation is responsible for identifying and assessing potential security risks, implementing security controls to mitigate those risks, and monitoring the effectiveness of those controls. The security

organisation is also responsible for responding to security incidents and breaches, conducting audits and assessments, and providing training and awareness to employees.

Assessments and Protective Measures

FA scores 92% on the Consensus Assessment Initiative Questionnaire (CAIQ) developed by the Cloud Security Alliance (CSA). This is considered to be the industry’s best practice for cloud applications. Furthermore, FA has implemented numerous protective measures that are provided both internally and externally.

Information Security Management

Our Information Security Management System (ISMS) is the tool that builds the foundation for how FA Solutions works with information security and what type and level of security gets implemented and maintained. The ISMS is a part of business management and uses risk as input when assessing the business security needs and adopting risk-based measures. FA currently implements the following third-party certifications and assessments:

ISAE 3402 Type 2
ISO
ISO/IEC 27001:2013
  • ISAE 3402 Type II external assessment.
  • ISO/IEC 27001:2013 certified.

FA Solutions is ISAE 3402 Type II assessed

FA is certified in accordance with the International Standard on Assurance Engagements (ISAE 3402), Type II Report, also referred to as SOC 1. The ISAE report describes and audits the Service Organization Control (SOC) engagements, which provides assurance to our clients that our company has adequate internal controls. 

The general annual assurance report is included in the FA plans Accelerate and Advance. The annual assurance report is available for all FA clients and prospective customers upon request.

The report covers selected controls within the following control areas:

  • Access Management (AM) to provide reasonable assurance that logical access to the Portfolio Management Solution System is limited to authorized individuals.
  • Change Management (CM) to provide reasonable assurance that changes to application programs and related data management systems are authorised,  tested,  documented,  approved and implemented to result in the complete, accurate and timely processing of business-critical information.
  • Backup and Recovery (BR) to provide reasonable assurance that the customer systems are appropriately backed up and that data and systems can be recovered in a timely and complete manner.
  • Data Processing (DP) to provide reasonable assurance that system processing is executed in a complete, accurate and timely manner and that problems or errors are identified, recorded, and resolved according to defined processes.
FA Solutions is ISO 27001:2013 certified

FA Solutions has been found to conform to the Information Security Management System standard ISO/IEC 27001:2013 by DNV, a leading classification body in industries where data safety is essential.

ISO 27001 is the international standard that describes best practices for an ISMS (Information Security Management System). This certification by an independent third party demonstrates our commitment to prioritising information security, continual improvement and sustainable business performance. The ISMS ensures that FA has documented procedures for responding to security incidents and breaches, conducting audits and assessments, and providing training and awareness to employees.

Business Continuity and Incidents Response

FA has comprehensive continuity and incident response capabilities running in Microsoft Azure. Our robust disaster recovery and incident response plans ensure your business stays up and running, even in the face of unforeseen events. With FA, you can trust that your data is always safe and accessible and that you have the tools and support you need to quickly and effectively respond to any incident.

Security Partners

To manage our security, we collaborate with market-leading security services. This includes access to accredited penetration testers, security experts and auditors. Security monitoring is also provided through our partners. In addition to ISMS, the following practices are carried out by independent experts:

  • Release penetration test and yearly penetration test performed by certified personnel in dedicated testing environments.
  • Quarterly cloud review evaluating access controls, encryption, network configurations, and other cloud security best practices.
  • Annual audit for both ISO 27001 compliance and ISAE3402 Type 2 Assurance.