Information Security

The Information Security Team

Confidentiality, integrity and availability

Whether you’re using our hosted portfolio analysis software, receiving valuations data or connecting on-line to StatPro Revolution, we aim to maintain the highest levels of data security possible. This means adopting a culture of information security best practice throughout the business to ensure the three pillars of availability, integrity and confidentiality are maintained for our clients.

StatPro’s ISO 27001, SSAE18 and ISAE3402 certifications ensure that we maintain the confidentiality, integrity and availability of our clients’ data, be it in digital or printed format, in transit or on-site at StatPro.

StatPro uses the latest technologies to ensure the confidentiality of client information, whether it is en route to, stored by or being processed by StatPro. Internally, client information is shared within StatPro on a ‘need-to-know’ basis. In order to meet a client business objective or resolve an issue, only StatPro staff who need to be familiar with the necessary information will have access to it. Details will not be further shared, either internally or externally. Such an approach is maintained regardless of how or where the information is stored.


Information is carefully managed at StatPro to ensure completeness and accuracy at all times. Back-ups and version control are essential tools to meet this objective, with an audit trail outlining what operations are performed on the information between versions.


Information is of little use if it is not available where and when required. It is therefore stored and managed by StatPro in a way that makes it available as necessary, while preserving its confidentiality and integrity. We monitor all our client-facing services.


StatPro works with best-in-class data center providers like Equinix in the UK and Bell in Canada to provide on-line services for our hosted clients and StatPro Revolution users. These data center facilities provide the highest levels of physical security, protecting the environment from unauthorised access 24/7. They also provide resilient services with redundant power, cooling and networking to minimise the impact of a service failure, allowing us to keep our systems available all day, every day.

We ensure our platforms and data are backed up and available quickly in the event of a site disaster. We use the latest server virtualization and storage mirroring technologies to make this happen. Our systems are configured to work together, making sure no critical services are being run by a standalone server. We need to be tolerant of component failures, so all our systems have multiple paths to power, data and the network. Our engineers are trained and qualified to very high levels and we have over 80 years of combined experience in secure hosting technology across six support sites.

StatPro is also SSAE18 Type II* accredited for its hosted analytics platform, market data services and StatPro Revolution. StatPro recently added the ISAE3402 standard to our audit process.

“This continued audit of our service demonstrates our commitment to providing the asset management industry with a secure and robust technology platform for portfolio analytics, asset valuation and reporting and we are delighted to extend the audit to include StatPro Revolution, our cloud-based portfolio analysis and reporting service. Successfully completing another SSAE 18 Type II audit provides increased assurance and confidence to our clients in the security of our hosted and cloud-based analytics platforms and our market data services. It also demonstrates our dedication to the security of our technology infrastructure and clients’ data.”
Dario Cintioli, Managing Director

*SSAE 18 is the acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements (SSAE) No. 18. SSAE 18 defines the professional standards used by a service auditor to assess the effectiveness of internal controls of a service company and their consistent operation over a period of time. SSAE 18 is the new standard that supersedes the previous SAS 70 standard.
SSAE 18 has two varieties: Type I and Type II. Type II is more comprehensive, as it verifies that during a six-month period the hosted analytics platform and market data services capably operate with both internal control design proficiency and operational effectiveness. Type I measures only a point in time and does not audit operational effectiveness.