At Moneyhub Enterprise, we take data protection and legal compliance very seriously and adhere to rigorous industry standards for the transmission of sensitive financial and personal data.
We’re based in Bristol, and we support and maintain the information security management system. This system is ISO 27001 compliant, and we use the following controls and processes to ensure compliance:
● A specialist Financial Service compliance team check processes on a monthly basis
● A comprehensive risk tracker maps information asset risks back to a series of internal controls
● The principle of least privilege is applied throughout the organisation. Access is limited to the minimum level that allows normal functioning: staff have the lowest level of user rights with which they can still perform their tasks.
Security protocols and techniques
We develop the software according to secure engineering principles based on the National Institute of Standards and Technology, Technology Administration, US Department of Commerce - Special Publication 800-27 Rev A.
Moneyhub Enterprise software teams undergo regular security awareness training and have a continual threat modelling system in place for the software.
Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities, and we use best practices and open standards to protect against common attack vectors. Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone.
Access to the live system is available only to a small number of people. Any access is done via secure channels.
Access to the live cluster is restricted to the office IP address. Any access is done via encrypted channels, and users are authenticated via individual digital keys. The number of people able to access the live system is kept small to ensure security, but large enough to ensure business continuity.
Third Party providers
Yodlee provides the connection between the Moneyhub app and financial services providers. Yodlee are supervised by the US Banking Regulators and provide a trusted service to more than 850 organisations globally including 12 of the 20 biggest banks in America.