ProFundCom is the only email platform to comply with four very specific compliance directives
- FCA Rule SYSC 4.1.1, which states that ‘A firm must have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems’.
- Securities and Exchange Commission (SEC) Rule 17a-4, which describes stringent rules that govern the storage of all electronic messages including email and instant messages for its members.
- The ISO 27001 Security Management Standard which was introduced in 2005. This is an international quality for email and data security and compliance.
- GDPR which is a directive to ask permission, respect the privacy of the subject, value and protect their data. Our full GDPR statement is available here.
Data Retention
ProFundCom complies with latest GDPR, SEC and FCA regulations where records of electronic communications are stored for at least seven years if they undertake particular types of business. The types of business include receiving and executing client orders, negotiating, agreeing and arranging transactions across the equity, bond, financial commodity and derivatives markets as well as offers of services and products to prospects or existing investors. “Electronic communications” subject to the new retention requirements include faxes, e-mails and instant messaging. Many firms, in response to the FCA’s consultation, have reported that their existing technologies do not allow the recording and retention of all of these types of communication. Clients of ProFundCom do however report this ability.
Archiving
ProFundCom complies with the Securities and Exchange Commission (SEC) Rule 17a-4 which describes stringent rules that govern the storage of all electronic messages including email and instant messages for its members.
ProFundCom stores all emails that have been sent out from the system in a special write-once table, where it remains locked for the SEC regulatory period of seven years. These transaction can be queried directly via the ProFundCom Interface to provide immediate regulatory bodies access.
To comply with the regulation the index can be searched and used to retrieve records and all activity in the message store is monitored. This data can also be be made available to other corporate email archiving applications via our XML interface. Products we have integrated with are InterWoven, PlumbTree, Legato and FileNet using the PFC XML interface. If an email archiving system is already in place or if tight integration is not required all emails generated by ProFundCom can be bcc’ed to that account.
Identity management
All ProFundCom access is provided via a secure login that requires username and password authentication. Extensions to ProFundCom are also available that lock a login to a specified IP address or to a dynamically changing key.
Document Security
Documents in the ProFundCom Library are stored in a database where they can be retrieved only by the ProFundCom system. Data is placed in the ProFundCom system only via the personalised and secure html links in the emails sent. This process ensures that documents are not exposed to web-crawlers or search engines such as Yahoo or Google.
Hosting Environment
ProFundCom servers are hosting at Rackspace and Star Networks for failover and redundancy objectives.
ProFundCom uses some of the most advanced technology for Internet security. When you access your ProFundCom server, your information is protected using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered users in your organisation. Your data will be completely inaccessible to your competitors.
ProFundCom provides each user in your organisation with a unique user name and password that must be entered each time a user logs on. ProFundCom issues a session “cookie” only to record encrypted authentication information for the duration of a specific session. The session “cookie” does not include either the username or password of the user. ProFundCom.com does not use “cookies” to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
In addition, ProFundCom is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.
SAS90 and ISO9001
ProFundCom, the leading hedge fund and asset management intelligence platform, has become an ISO 9001:2008 compliant organization in addition to being a SAS90 certified organisation. The certification is accredited by the United Kingdom Accreditation Service (UKAS).
The certification of compliance with ISO 9001:2008 recognizes that ProFundCom’s policies, practices and procedures ensure consistent quality in the services and product provided to customers.