Information On How We Manage FCA Compliance

Foreword


Since regulated firms have the ability to use us for “Important operational functions”, we make sure to follow the FCA Outsourcing Guidance FG16/5 so that anyone using us remains compliant. We know that you retain full regulatory responsibilities whilst using our services. The following describes how we would be an essential asset to your company's due diligence.

Areas that firms should consider in relation to outsourcing to the cloud and other third-party IT services, and how we ensure compliance



Legal and regulatory considerations

We reduce operational risk through our streamlined customer interface. We aim to be the strongest link in your supply chain in terms of compliance.

Outsourcing agreements are available if needed, should you decide to work with us. All necessary documentation will be stored in the cloud and can be accessed by either party at any time.


Risk Management

If you have a risk assessment related to the document collection process, we can provide you with the information to make that assessment easily, covering data and information security management system requirements and cyber risk mitigation for different geographical or jurisdictional locations, e.g. UK, EEA or non-EEA.


International standards

Data is stored on relevant servers in the country where the data originates. However, upon an audit, any information can be accessed at any time, as the service provided for document collection, form filling and eSignatures is uniform across the board.


Continuity, Business Planning and Effective Access To Data

In the unlikely event of a service failure on our side, we offer to carry out the processes our system was set up to do until the issue is fixed. We have a proven 99.99% uptime.

Budos Media is regularly updated and improved. To ensure effectiveness, upon request we can put periodic arrangements in place to test our service, and provide and store the results so that they are accessible to both parties.

We also provide access to all of the data acquired over the contract period at any time.


Access to Business Premises - Free Regulator, Firm and Auditor Access

Our premises are available to be visited at any time by a third party, their auditors and the relevant competent authorities, to whom we will provide any relevant data and records.


Resolution (where applicable)

Since our service is a problem-solving solution, it creates simplicity in the document collection process.

We agree that neither the entry into resolution nor a subsequent change in control arising from the firm’s entry into resolution shall constitute a termination event.

We hold no deposits or client assets, so we do not stand in the way of insolvency procedures for your firm.


Exit Plan

Since our services only speed up and streamline document collection processes, a firm's ability to perform the manual document collection processes that were in place prior to using our services still remains.

If the firm decides to swap providers, we can issue all necessary documentation and data needed to do so. However, in the unlikely event of a fatal error during this process, we provide an alternative manual document collection and data processing mechanical turk service to maintain your business continuity.

Upon exit we also remove any data associated with your firm.

If there is a function of the software that you need in order to be compliant, or a term/condition needed to do business with us, we will add it upon request.

Information On How We Manage GDPR Compliance


Here are the categories set out by the Data Protection Act 2018 and how we ensure compliance.



Lawful Basis

We qualify for a GDPR lawful basis and transparency because we process documents on your behalf under Article 6, Section 1, Subsection b of the General Data Protection Regulation. This gives us the legal justification to deal with personal information.


Data Security

We achieve secure communication through HTTPS, which establishes an encrypted link between the browser and the server, or between any two systems. This also protects data integrity: because the data is encrypted in transit, even if hackers manage to intercept it, they cannot read or modify it.

We give you the ability to further minimise the processing of personal data, as well as to pseudonymise it during transfer to the cloud. With the client report tool, both the client and you have transparency over the functions and processing of personal data, enabling the data subject to monitor the data processing.

Our internal security policy states that only the appointed developers can manage your data. We carry out a Data Protection Impact Assessment once a quarter to keep our compliance current.


Accountability and Governance

Delegated Data Protection Officer: Balázs Gergely. Before doing business, we ask you to sign a data processing agreement that is compliant within the UK and all EU Member States.

If there is a function that you think will make us more compliant, we will add it upon request.


Privacy Rights

If a data request comes in from a client or customer asking for all the data you hold on them, our software can summarise that data and send it to them with one click in an easily readable and transferable PDF format.

If there is a function of the software that you need in order to be compliant, or a term/condition needed to do business with us, we will add it upon request.