|
|
|
Security
Keeping your information
private and secure
We understand that there is no room for compromise in ensuring
that the information fund managers work with and produce is only accessible to
authorized parties. Equally, your investor community has the same requirement
that information on their investments is only available to those who have
authorized access to it. FundVault was designed to address these issues of
information security and confidentiality.
|
|
Top
|
|
Built-in Security
FundVault was designed with secure access to documents in mind:
see our section on FundVault System Security Features. However, we complement
this with personal attention to your needs, and actively working with you to
ensure that access to your documents is exactly as you intend it. In addition,
Draycott personnel continually monitor activity on the system looking for
suspicious or unusual activity. Security features use the latest techniques to
verify user identity in order that no loophole is open to unauthorized access.
|
|
Top
|
|
Responsiveness & Support
We are there to help with any enquiry you have and to act on any request that
helps you keep your information secure and confidential. Our support team is
available every day of the year, 24 hours a day.
|
|
Top
|
|
Confidentiality
Our personnel are committed to providing you with a secure,
confidential service. This includes all of our personnel signing
confidentiality agreements that commit them to working with discretion, care
and professionalism. We also have internal processes in place that track all
access to documents so that the level of security and traceability is the
highest possible.
|
|
Top
|
|
FundVault was built from the ground up document management and
access system, with security built-in to the application, to the infrastructure
the processes and systems that support them.
|
|
Top
|
|
User Security Features
Fund Manager Level Security
The different levels of access/permission given to users within
your organization will be verified with an authorized person in your
organization each time there is an addition or change. Only a ‘Super
Administrator’ can actually grant access to a particular user or remove him
from the system. Regular FundVault Administrators may not do this.
|
|
Top
|
|
Investor Level Security
Permission to access is given on an individual basis within your
investor groups. For example, a large investor group may have some individuals
following their investment in one of your funds, and others evaluating due
diligence information for your latest fund; access may be tightly tailored to
meet exactly these needs.
Investors are able to tailor the system to their exact needs.
While most investors are expected to keep their correspondence on the system,
some may use FundVault only as a secure means of document delivery. For
instance, if such an Investor would not like to keep his information and
correspondence on the system, after accessing the correspondence, he may
suppress access to it. Thereafter if he requires it again, the FundVault
Administrator will be able to reinstate access to the documents, upon request
by the investor, without the investor having to contact the fund manager.
|
|
Top
|
|
ID & Password Protection
User IDs and passwords are provided only to authorized users
with fund managers and their investor groups. Data is delivered using 128-bit
encryption, currently the highest level of data security commercially
available. No outside users will be given userid / password access to
FundVault.
FundVault Administrators (barring the ‘Super Administrator’)
also can not view user passwords, but can only reset them through the system.
The user passwords again are then delivered directly to the user.
Lost of forgotten passwords are delivered via email to the
user’s email address on file, and also may be delivered via SMS messaging
directly to the user’s mobile phone number on record. This ensures that only
the authorized user receives the password and it is done instantaneously.
|
|
Top
|
|
User Access and Password Protection
The identities of all users
are verified before they are given access to FundVault. In fact only the
highest levels within the FundVault organization are able to authorize access
to the system, to ensure that no unauthorized users are set up despite our
security procedures. Users are only able to access FundVault via their own
personal password. If you make a number of incorrect attempts to log on, we
will disable your access to the service as a security measure. You will however
be able to call our representatives available 24 hours a day, who will
reinstate access, upon verification of identity using security questions, or
you can use the on-line password verification system to request a password
reset. Upon successful user verification, you will receive your temporary
password via email or SMS instantly to your email address or your mobile phone
on file. It is our objective to provide instant gratification to legitimate
users so that they can benefit fully from the convenience of the system without
dissatisfaction caused by excessive waiting.
Please remember that it is vital you do not share your password
with anybody. By doing this you will have compromised your own security and it
will also be a breach of the terms and conditions of the service.
|
|
Top
|
|
No Unsolicited Documents
FundVault is not a tool for fund managers to distribute
unsolicited marketing materials. We will double-check that a proposed
individual, who is clearly not a current investor with a fund manager, has
agreed to receive documents. This prevents investors from being flooded with
unsolicited marketing documents and so maintains FundVault's integrity as a
focused, private document access tool for you and your investors.
|
|
Top
|
|
Document Level Security
Each document within FundVault has its own individual setting
for access permission by FundVault users. This means that fund managers can
choose exactly who may access each specific document. If a user does not have
access to a document, that user will not even be aware it exists, as it does
not show up in his view. For convenience, FundVault enables fund managers to
give access to groups of documents to users all at once.
|
|
Top
|
|
Automatic Logout
If after logging on to FundVault you do not use the service for
15 minutes, you will automatically be logged off. This is to ensure that if you
have left your PC or have forgotten to log off, the opportunity for anyone else
to access your system is reduced. However to eliminate this risk please always
ensure you never leave your PC unattended while logged on.
|
|
Top
|
|
Active online surveillance
Our dedicated staff is constantly monitoring the status and
activity of FundVault to proactively identify potential security threats or
unusual user behavior. For instance the system will be able to alert us if a
user has been logging in from different IP addresses, as this may mean that the
password has been passed to an unauthorized person or indeed the user has
changed jobs and not working at the organization any more, from where he had
authorized access. This will prevent unauthorized use even if the fund manager
has not updated us on requests for withdrawal of access permissions.
In order to effectively conduct this surveillance, we will keep
data regarding the portions of the site visited and the information or other
services obtained. This data may also include the domain name, IP address,
Internet service provider, protocol, browser type (including versions and
settings), operating system and connectivity specifications.
FundVault staff may contact users or the fund manager’s
administrator if necessary to confirm activities of a particular user on the
system if they observe unusual activity.
|
|
Top
|
|
Other surveillance
We may also record and store any telephone, e-mail or other
electronic communications with users. We use this information to authenticate
users of our service, save passwords, facilitate your navigation of our site,
and determine your entitlements to data and services.
|
|
Top
|
|
Data Security and Redundancy
All information held within FundVault is stored with 100%
redundancy within secure, dedicated, state-of-the-art hosting facilities. The
facilities incorporate enterprise level intrusion detection and virus
protection software, firewalls, redundant connections and power and
comprehensive physical security systems. Dedicated technical personnel maintain
the physical running of the systems, including addressing hardware failures and
upgrades on an ongoing basis. Backups are made daily and recovery and restore
processes are in place to recover from unavoidable failures. The sites are held
secure and monitored round the clock, 365 days per year.
|
|
Top
|
|
Internal Security
We emphasize to our employees the confidential nature of the
information held within FundVault and the high level of importance we place on
maintaining this confidentiality. All persons who support, maintain, manage or
otherwise have access to the FundVault system have signed confidentiality
agreements that bind them to maintain the strict confidentiality of all aspects
of data held within FundVault, including the content of information itself, the
identity of FundVault's users, access to information by users, and the use and
presentation of information. We have comprehensive processes in place to ensure
that information is kept confidential and that priority is given to supporting
owners of information to maintain their information confidential.
|
|
Top
|
|
Hardware infrastructure Security Features
Mission-Critical Redundancy
All documents and data are stored on redundant drives, so that
if a drive fails, the system continues to operate on a mirrored drive with no
impact on usage or performance. Multiple data pipes into the server facility
provide redundancy for communications. Back-up power supplies and critical
event response systems provide resiliency to react to irregular events such as
power failures.
|
|
Top
|
|
Back-up and disaster recovery
All FundVault data is backed up daily and stored remotely.·
Experienced professional staff are trained and available to perform recover and
restore operations.
|
|
Top
|
|
Data & System Security
FundVault application and documents are running on dedicated
servers that are protected by leading edge enterprise-class firewalls and
intrusion and virus detection software. FundVault is supported by experienced
professional technical staff who are specialized in managing and optimizing
active mission-critical applications.
|
|
Physical Security
Access to the site of the data is secured 24/7 via:
-
Authorization systems for controlled access
-
Biometric identification systems
-
Video surveillance systems
-
Motion sensors
-
Alarm systems
-
Security guards
|
|
Power Backup
Universal Power Systems and stand-alone backup generators
guarantee power to the overall facility and to the data and processing systems.
|
|
Top
|
