Security and privacy at FINBOURNE are the highest priority and areas of constant attention, evaluation and research. Having worked in the highest levels of financial technology, we're under no illusions that security is simply a feature that can be enabled, or that perfect security that suits everyone's requirements exists. Everyone at FINBOURNE understands that security is a lifestyle that requires constant vigilance at every level, from the creation of our products, to the makeup of our organisation, to whom we choose to partner with.

From the first line of code

The protection of the data stored within and moving around the LUSID™ system has been a consideration from the very beginning. We've built the basics into everything: encryption of all data at rest, code security analysis, checks against the OWASP Top 10, TLS 2.0 to the box, role based access, behavioral anomaly detection, and other standard practices. As well as these efforts, we understand that "secure" is always an ongoing mission; the challenges, technologies and processes involved are constantly evolving and we work hard to stay up to date to keep our customers and their data safe.

Security and privacy are not only about prevention but also mitigation in the event of an incident. We're careful to ensure data is stored in correctly protected silos, that client identifiers are obfuscated where possible, and that we don't store any Personally Identifiable Information (PII) anywhere on our platform. We intend to promptly provide clear advice and insight to our customers with respect to any security issues or developments, so that they in turn keep their customers informed.

Collaboration

Modern security is a team effort, and as such we work closely with our technical partners, and the community, to ensure that we are offering the best security for our customers. Part of this process is being open with our customers and partners about how our security technologies and processes work, such that they can be constantly reviewed and improved. Whether it be ensuring preventative technologies are implemented correctly or leveraging cutting edge developments, security at FINBOURNE is not just improved by the people in the room, but by a wider community of specialists.

Building a private data system in a public cloud environment requires a broad spectrum of technical expertise, so we work closely with Amazon Web Services and other partners to make sure we're doing all we can to secure LUSID.

Privacy as well as security

The protection of customers' data includes their users' identities - so we don't store them. At all. LUSID has been designed to work exclusively with third party identity systems and we don't persist identity information, meaning user details will never be stored with their data, or telemetry.

By partnering with the best in identity management, and integrating with our customers' existing identity solutions, we can offer secure and smooth login experiences to integrate with our customers' systems. Deferring identity protection to the experts allows our customers to take advantage of the latest standards in login validation (e.g. Multi Factor Authentication (MFA): one-time codes, biometrics) as well as manage access to their data centrally.

Standards

By working to security and data management standards across our technology and organisation, we communicate to our customers what they can expect with respect to the handling and custody of their data.

We're building our software in line with the FCA FG16/5 guidance, and by hosting on Amazon Web Services we benefit from their comprehensive security standards.

Requirements driven

We understand our customers have different security standards, existing infrastructure and regulatory requirements. While LUSID has a robust set of default security features, we offer different deployment levels from using our secure hosted environment, through to deployments into customer owned AWS accounts with data secured using their keys.

Organisational security

We want our customers to have peace of mind that their data is safe, so as well as any technical measures we take, we're also constantly evaluating what measures we can take as an organisation to further this cause. All of our employees have appropriate on-boarding and background checks, and we're registered with the UK Information Commissioner's Office (ICO), registration no. ZA244627.